Monthly Archives: July 2014

Havex: Interesting in a Different Way


This entry was posted by on .

Lot’s of news recently about a resurgence of the Havex malware.  Here’s why (and why you should care)

‘Old’ Attack Vectors

There are a number of tried and true ways to get malware onto a target system, most common is via email.  The attacker sends an email to the target with a file and hopes the target opens that attachment.  There are a few tricks to this: Email Attachment
  1. Hope the target environment doesn’t block your attachment
  2. Because of point 1, attacker has to use malware embedded in a common file format, such as pdf/doc/xls
  3. Reliability of the malware reduces (as a result of point 2)
Attacker Used Spam!  It's Not Very Effective

Attacker Used Spam! It’s Not Very Effective

An alternate to plain attachment vectors is to insert a web link that sends the target to a malware infested domain.  A bit more sophisticated, this domain can now collect browser/system information and craft the malware page accordingly.  Attacker still has to rely on the target: Link to Malware Site
  1. Receive the email
  2. Recognize it’s not spam
  3. Click the link
  4. Interact with popups/alert boxes in order to install the malware

read more