FreeMilk phishing attack: How does it affect you?

The malware FreeMilk is used by the hackers to infiltrate the computers using malicious codes and retrieve confidential information without even getting noticed


IT security researchers at Palo Alto Networks have discovered a new spear-phishing campaign that hijacks active email conversations to spread malware, using highly customised emails designed to look as if they come from the original sender. The malware, dubbed FreeMilk, is used by the hackers to infiltrate computers using malicious code and retrieve confidential information without being noticed. The attack leverages CVE-2017-0199, a remote code execution vulnerability in the way Microsoft Office and WordPad parse specially crafted files, which was patched in April this year.

How does FreeMilk affect the victim’s system?

Upon successful execution of a FreeMilk phishing attack, two payloads named PoohMilk and Freenki get installed on the targeted system. PoohMilk's primary purpose is to run the Freenki downloader. Freenki, in turn, performs two different tasks: the first is to collect information from the host and the second is to act as a second-stage downloader that fetches further, more sophisticated malware.

The information collected by the malware includes the username, computer name, Ethernet MAC addresses and running processes. Besides this, Freenki can take screenshots of the victim's system, with all the information sent to a command-and-control server for the attackers to store and use.

Who is behind FreeMilk?

As of now, the actors behind this attack have not been identified. However, the security researchers have found that the PoohMilk tool was previously used in January 2016, in a campaign in which the phishing emails were disguised as a security patch. Attackers also attempted to distribute Freenki in an August 2016 watering-hole attack on an anti-North Korean government website run by defectors in the United Kingdom.

How does FreeMilk affect India?

Due to the massive number of inactive, unpatched and outdated Windows machines, especially in government and small and medium-sized organisations, this series of attacks can be serious for India. All machines that have not been updated with the patch released in April are at severe risk and can aid cyber criminals and state actors in gaining access to even the most sophisticated networks.

“FreeMilk is exploiting the CVE-2017-0199 vulnerability in Windows which was patched in April 2017. Therefore, ensure that any computer that has not been patched since before April 2017 is not allowed on your network,” said Ankush Johar, Director at HumanFirewall.io, a leading provider of human information security awareness and preparedness solutions.

Users who have not already done so can patch their computers using the official security update from https://support.microsoft.com/en-us/help/3141538/description-of-the-security-update-for-office-2010-april-11-2017.

General hygiene for protection from FreeMilk phishing scam

Defending against this kind of attack is rather simple. The following are the key points.

For home users

* Use the latest operating system.
* Make sure automatic updates are enabled and installed regularly.
* Ensure the firewall is enabled to block network-based attacks.
* Never click links or download attachments in emails from untrusted sources. Make sure the mail is from a trusted party; only then download the attachments.
* Use a proper, regularly updated antivirus.

For organisations

* The latest patches must be deployed across the company immediately.
* All pirated, unpatched or outdated devices are to be removed (read: unplugged) from the network immediately.
* Employees are to be trained to detect and protect against phishing and other such scams.
* Antivirus software is to be in place and kept updated.
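Patching is the real fix for CVE-2017-0199, but a mail gateway or incident responder also wants a quick way to triage RTF attachments of the kind the campaign above relies on. The following script is an added example written for this article; it is not code from Tech Observer, Palo Alto Networks or Microsoft. It parses the `\objdata` groups of an RTF file and flags linked OLE objects that reference the Windows URL Moniker (CLSID {79EAC9E0-BAF9-11CE-8C82-00AA004BA90B}, a documented Windows constant), together with the `\objautlink` and `\objupdate` control words that make Word refresh a link on open. The two sample documents are constructed for the demonstration and contain no exploit payload. Heavily obfuscated RTF can evade a text heuristic like this, so treat it as a screening aid alongside the patch rollout described in the organisational checklist, not as a replacement for it.

```python
"""Triage RTF attachments for the linked-OLE-object pattern associated with
CVE-2017-0199 exploit documents (defensive screening aid, added example)."""
import re
from typing import Dict, List

# CLSID of the Windows URL Moniker, {79EAC9E0-BAF9-11CE-8C82-00AA004BA90B},
# as it is serialised (little-endian GUID fields) inside an OLE object stream.
URL_MONIKER_CLSID_LE = bytes.fromhex("e0c9ea79f9bace118c8200aa004ba90b")

OBJDATA_RE = re.compile(rb"\\objdata\b")


def extract_objdata_blobs(rtf: bytes) -> List[bytes]:
    """Decode the contents of every \\objdata group in an RTF byte string.

    RTF embeds objects as hex text inside a braced group. Whitespace, line
    breaks and nested groups may be interleaved with the digits, so every
    non-hex byte is stripped before decoding.
    """
    blobs: List[bytes] = []
    for match in OBJDATA_RE.finditer(rtf):
        depth, i = 1, match.end()
        start = i
        # Walk forward to the brace that closes the group the control word is in.
        while i < len(rtf) and depth > 0:
            if rtf[i:i + 1] == b"{":
                depth += 1
            elif rtf[i:i + 1] == b"}":
                depth -= 1
            i += 1
        hexdigits = re.sub(rb"[^0-9A-Fa-f]", b"", rtf[start:i - 1])
        if len(hexdigits) % 2:
            hexdigits = hexdigits[:-1]  # drop a dangling nibble
        try:
            blobs.append(bytes.fromhex(hexdigits.decode("ascii")))
        except ValueError:
            continue  # malformed hex: skip, the other indicators still apply
    return blobs


def triage_rtf(rtf: bytes) -> Dict[str, object]:
    """Return indicator flags and a severity for one RTF document."""
    findings: Dict[str, object] = {
        "has_object": b"\\object" in rtf,
        "has_objautlink": b"\\objautlink" in rtf,
        "has_objupdate": b"\\objupdate" in rtf,
        "url_moniker_objects": sum(
            URL_MONIKER_CLSID_LE in blob for blob in extract_objdata_blobs(rtf)
        ),
    }
    if findings["url_moniker_objects"]:
        severity = "high"    # linked object that will fetch a remote resource
    elif findings["has_objautlink"] and findings["has_objupdate"]:
        severity = "medium"  # auto-updating link without a decodable moniker
    else:
        severity = "low"
    findings["severity"] = severity
    return findings


# Constructed sample: minimal RTF with a linked OLE object whose objdata carries
# the URL Moniker CLSID. It is not an exploit document, only enough structure
# to exercise the parser.
SAMPLE_SUSPICIOUS = (
    b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate\\objw1\\objh1"
    b"{\\*\\objdata 01050000 02000000 08000000 4f4c45324c696e6b 00000000 "
    + URL_MONIKER_CLSID_LE.hex().encode("ascii")
    + b" 00000000}}\\par Please review the attached contract.\\par}"
)
# Constructed sample: plain RTF with no embedded objects.
SAMPLE_BENIGN = b"{\\rtf1\\ansi\\par Quarterly report attached.\\par}"

if __name__ == "__main__":
    for name, doc in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage_rtf(doc))
```

Run it against a quarantined attachment with `triage_rtf(open(path, "rb").read())`; a "high" result is a reason to hold the message and confirm the recipient's machine has the April 2017 update installed.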
