      Botnet that knows your name and quotes your email is back with new tricks

      news.movim.eu / ArsTechnica · Monday, 13 March, 2023 - 21:11 · 1 minute

    Widely regarded as one of the Internet’s top threats, the Emotet botnet has returned after a months-long hiatus—and it has some new tricks.

    Last week, Emotet appeared for the first time this year after a four-month hiatus. It returned with its trademark activity—a wave of malicious spam messages that appear to come from a known contact, address the recipient by name, and seem to be replying to an existing email thread. When Emotet has returned from previous breaks, it brought new techniques designed to evade endpoint security products and to trick users into clicking on links or enabling dangerous macros in attached Microsoft Office documents. Last week’s resumption of activity was no different.

    A malicious email sent last Tuesday, for instance, attached a Word document that had a massive amount of extraneous data added to the end. As a result, the file was more than 500MB in size, big enough to prevent some security products from being able to scan the contents. This technique, known as binary padding or file pumping, works by adding zeros to the end of the document. In the event someone is tricked into enabling the macro, the malicious Windows DLL file that’s delivered is also pumped, causing it to mushroom from 616kB to 548.1MB, researchers from security firm Trend Micro said on Monday.
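    Because the padding described above is appended after the real document, a defender does not have to load the whole 500MB file to notice it: seeking to the end and reading the tail backwards until the first non-zero byte measures the run of trailing nulls at a cost proportional to the padding, not to the file size. The Python below is an added example written for this page, not code from the article or from Trend Micro; the thresholds (at least 1 MiB of trailing zeros making up at least half the file) and the sample byte strings are constructed for illustration.

```python
"""Cheap tail check for binary padding ("file pumping") on a document.

Added example, not from the article. A pumped file hides its payload behind
a very long run of 0x00 bytes appended to the end. Because the junk is at the
END, only the tail has to be read: seek backwards chunk by chunk and stop at
the first non-zero byte. Thresholds and samples below are constructed.
"""
from __future__ import annotations

import io
import os
from dataclasses import dataclass
from typing import BinaryIO


@dataclass(frozen=True)
class PaddingReport:
    size: int            # total stream size in bytes
    trailing_zeros: int  # length of the 0x00 run at the end of the stream
    ratio: float         # trailing_zeros / size (0.0 for an empty stream)
    suspicious: bool     # True when both thresholds are exceeded


def count_trailing_zeros(fh: BinaryIO, chunk: int = 1 << 16) -> int:
    """Count consecutive 0x00 bytes at the end of a seekable stream.

    Reads backwards in chunks and stops at the first chunk that contains a
    non-zero byte, so a 500MB pumped file costs a few tail reads, not a full
    pass over the file.
    """
    fh.seek(0, os.SEEK_END)
    end = fh.tell()
    total = 0
    while end > 0:
        start = max(0, end - chunk)
        fh.seek(start)
        block = fh.read(end - start)
        stripped = block.rstrip(b"\x00")
        total += len(block) - len(stripped)
        if stripped:
            break  # a real byte was found; the zero run ends inside this chunk
        end = start
    return total


def trailing_zeros_of(data: bytes, chunk: int = 1 << 16) -> int:
    """Convenience wrapper for in-memory data."""
    return count_trailing_zeros(io.BytesIO(data), chunk)


def assess_padding(fh: BinaryIO, *, min_pad_bytes: int = 1 << 20,
                   min_ratio: float = 0.5) -> PaddingReport:
    """Flag a stream whose trailing zero run is both large and dominates its size.

    min_pad_bytes (constructed default: 1 MiB) screens out the small zero
    blocks that legitimate container formats can end with; min_ratio
    (constructed default: half the file) targets the "mostly padding" shape
    of a pumped document rather than any file that merely ends in zeros.
    """
    fh.seek(0, os.SEEK_END)
    size = fh.tell()
    zeros = count_trailing_zeros(fh)
    ratio = zeros / size if size else 0.0
    return PaddingReport(size, zeros, ratio,
                         zeros >= min_pad_bytes and ratio >= min_ratio)


def assess_file(path: str, **thresholds) -> PaddingReport:
    """Run the check against a file on disk without reading it whole."""
    with open(path, "rb") as fh:
        return assess_padding(fh, **thresholds)


# Constructed samples: a small "document" body, once as-is and once followed
# by a long zero run the way a pumped file would look. "PK\x03\x04" is only the
# ZIP local-header signature used to make the body look like an Office file.
BODY = b"PK\x03\x04" + b"document content " * 64
CLEAN_SAMPLE = BODY
PUMPED_SAMPLE = BODY + b"\x00" * 200_000


def demo() -> tuple[PaddingReport, PaddingReport]:
    """Assess both samples with a padding threshold scaled down for the demo."""
    clean = assess_padding(io.BytesIO(CLEAN_SAMPLE), min_pad_bytes=100_000)
    pumped = assess_padding(io.BytesIO(PUMPED_SAMPLE), min_pad_bytes=100_000)
    return clean, pumped


if __name__ == "__main__":
    for name, report in zip(("clean", "pumped"), demo()):
        print(f"{name}: {report}")
```

    A check like this belongs in front of a size-limited scanner: it costs one seek and a few tail reads per file, and a hit should route the file to a full scan or quarantine rather than stand as a verdict on its own, since long zero runs also occur in some legitimate large binaries.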

      Microsoft makes major course reversal, allows Office to run untrusted macros (updated)

      news.movim.eu / ArsTechnica · Monday, 11 July, 2022 - 16:47

    Microsoft has stunned core parts of the security community with a decision to quietly reverse course and allow untrusted macros to be opened by default in Word and other Office applications. The company later clarified that the move is temporary.

    In February, the software maker announced a major change it said it enacted to combat the growing scourge of ransomware and other malware attacks. Going forward, macros downloaded from the Internet would be disabled entirely by default. Whereas previously, Office provided alert banners that could be disregarded with the click of a button, the new warnings would provide no such way to enable the macros.

    “We will continue to adjust our user experience for macros, as we’ve done here, to make it more difficult to trick users into running malicious code via social engineering while maintaining a path for legitimate macros to be enabled where appropriate via Trusted Publishers and/or Trusted Locations,” Microsoft Office Program Manager Tristan Davis wrote in explaining the reason for the move.

      DOTIMES and DOLIST in Lisp Flavored Erlang

      Michał "phoe" Herda · Sunday, 23 December, 2018 - 11:59

    (This is a repost of an old blog post of mine from Teknik.)

    #lfe #macros

    No unnecessary talking - here are CL:DOLIST and CL:DOTIMES reimplemented as LFE macros. CL:DOTIMES is awful, but it works well in the face of LFE's GENSYM-less environment.

    ;; CL:DOLIST.  Usage: (dolist (var list-expr [result-form ...]) body ...)
    ;; RESULT collects the (possibly empty) result forms after the list expression.
    (defmacro dolist args
      (let ((`((,var ,list . ,result) . ,body) args))
        `(do ((,var ,list (cdr ,var)))          ; VAR holds the remaining tail
             ;; result forms are spliced so they are evaluated rather than called;
             ;; the leading () returns '() when no result form is given, as in CL
             ((== '() ,var) () ,@result)
           (let ((,var (car ,var)))             ; shadow VAR with the current element
             ,@body))))
    
    ;; CL:DOTIMES.  Usage: (dotimes (var n) body ...)
    ;; Without GENSYM there is no hygienic loop variable, so the loop is unrolled
    ;; at expansion time: N must be an integer literal and the body is copied N times.
    (defmacro dotimes args
      (let* ((`((,var ,n) . ,body) args)
             (range (lists:seq 0 (- n 1)))       ; 0 .. n-1, '() when n is 0
             (fn (lambda (i) `(let ((,var ,i)) ,@body)))
             (result (cl:mapcar fn range)))      ; one LET per iteration
        `(progn ,@result)))