Cisco's 2015 Midyear Security Report has revealed that at least one group of malware-spreading scum has a literary bent.
The report found one group of criminals who were hosting a webpage designed to inject exploit code into unpatched browsers. Typically these landing pages have very little on them, often just random text, but in this case the authors used an extensive excerpt from Jane Austen’s 1811 classic Sense and Sensibility.
"Putting something like this in would increase dwell time on the site, allowing the malware a greater window for attack," Jason Brvenik, principal engineer in Cisco's security business group, told El Reg. "It also helps thwart machine analytics, which attempts to assess if a website is good or bad. As for why other tomes haven't been used – maybe the author's a fan of Austen."
The report also highlighted another decidedly retro trend: Attacks on Microsoft software using macros are on the rise again after years of decline. Microsoft began turning off macro support in Office by default some time ago, but new attack examples using the so-called Dridex Trojans have shown they can still be an issue.
In these cases, spam emails containing malicious code disguised as legitimate documents also included information about how to enable macros on the target system so that the malware could be activated.
One such campaign was also notable because the attackers ran much shorter attacks in order to avoid traditional signature-based antivirus systems. They spammed out malware-laden emails for just a few hours before shutting down, then altered their malware to have a different signature so that any information the antivirus firms gathered about the attack would be useless.
The report also noticed a big uptick in the number of attacks using Adobe Flash. There barely seems to be a month this year when another Flash zero-day hasn't been spotted and patched. That's led some – including this Reg hack – to call for Flash to be dumped wherever possible, but John Stewart, Cisco's chief security and trust officer, disagrees.
"I think if you clock back we would had said the same thing about Java two years ago, based on the number of attacks," Stewart told The Register. "Flash is paying attention to getting the fixes in place and sorting issues as they are found. Flash is fine so long as you're doing good hygiene." ®