ISMInjector Trojan
ISMInjector is a trojan that injects malware into legitimate processes and has anti-analysis capabilities to avoid detection.
Currently, a spear phishing campaign is used to deliver the trojan to a user’s system. The attackers send malicious .zip files that attempt to run in Microsoft Word. The macro in the Word documents runs a PowerShell command that begins the process of installing ISMInjector via the CVE-2017-0199 vulnerability.
Affected Platforms:
- Microsoft Office 2007 (SP3), 2010 (SP2), 2013 (SP1) and 2016
- Microsoft Windows Vista SP2
- Windows Server 2008 SP2
- Windows 7 SP1
- Windows 8
To prevent and detect a trojan infection, ensure that:
- A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
- All operating systems, antivirus and other security products are kept up to date.
- All day-to-day computer activities such as email and internet are performed using non-administrative accounts.
- Strong password policies are in place and password reuse is discouraged.
- Network, proxy and firewall logs are monitored for suspicious activity.
- User accounts accessed from infected machines are reset on a clean computer.
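
As an added example (not part of the original advisory), the Python code below flags PowerShell processes that descend from Microsoft Word, which is the delivery chain described above. It goes slightly beyond the text by also catching an intermediate process such as cmd.exe; the field names and sample records are constructed, modelled on Sysmon-style process-creation logs.

```python
import json
import ntpath

OFFICE_PARENTS = {"winword.exe"}               # the advisory names Word as the macro host
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}  # child processes worth alerting on

# Constructed process-creation records (assumed fields: pid, ppid, image, cmd).
SAMPLE_LOG = r"""
{"pid": 3000, "ppid": 900, "image": "C:\\Windows\\explorer.exe", "cmd": "explorer.exe"}
{"pid": 4120, "ppid": 3000, "image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "cmd": "WINWORD.EXE /n invoice.doc"}
{"pid": 4388, "ppid": 4120, "image": "C:\\Windows\\System32\\cmd.exe", "cmd": "cmd.exe /c powershell <constructed>"}
{"pid": 4512, "ppid": 4388, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell <constructed>"}
{"pid": 5200, "ppid": 3000, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe", "cmd": "powershell.exe -File backup.ps1"}
"""

def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()

def load_events(text):
    """Parse one JSON record per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_office_spawned_powershell(events):
    """Return (word_pid, powershell_pid, hops) for every PowerShell process
    with Word anywhere in its ancestry, not only as its direct parent."""
    # Real telemetry should key on a unique process GUID, since PIDs are reused.
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        if exe_name(event["image"]) not in SCRIPT_HOSTS:
            continue
        hops, cur, seen = 0, event, set()
        # Walk up the parent chain; 'seen' guards against malformed cyclic data.
        while cur["ppid"] in by_pid and cur["pid"] not in seen:
            seen.add(cur["pid"])
            cur = by_pid[cur["ppid"]]
            hops += 1
            if exe_name(cur["image"]) in OFFICE_PARENTS:
                hits.append((cur["pid"], event["pid"], hops))
                break
    return hits

if __name__ == "__main__":
    for word_pid, ps_pid, hops in find_office_spawned_powershell(load_events(SAMPLE_LOG)):
        print(f"ALERT: powershell pid {ps_pid} descends from Word pid {word_pid} ({hops} hop(s))")
```

The administrator-launched PowerShell (pid 5200) is not flagged because its ancestry contains only explorer.exe.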

Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.