• For Enquiry
  • 847-868-9253
  • 847-868-9208
  • Home
  • Why Choose CIO Landing?
    • Our Team
    • Success Stories
    • ‘8 Things’ We Do Better
    • Partners & Certifications
    • Our Services
  • Industry Expertise
    • Manufacturing
    • Medical
    • Education
    • Financial Services
    • Non-Profit
    • Law Firms
  • IT Solutions
    • Co-Managed Service
    • Managed IT Services
    • IT Support
      • On Demand Services
      • Office Moves & Wiring
      • Security
    • Server Management
    • Backup & Disaster Recovery
    • Cloud Services
    • CIO & IT Consulting
    • Cybersecurity Services
    • VoIP
    • Managed Firewall
    • Microsoft 365
      • Microsoft 365 Plans
        • Small Business
        • Enterprise
        • Education
    • Hardware & Software Sales
    • Email & Spam Protection
  • Resources
    • Free Copy Of New Book
    • Blog
    • Newsletter
    • Video Tips
      • Video Tips Archive
    • Free Cloud Report
    • IT Buyers Guide
    • Cybersecurity Crisis Report
    • Network Audit
    • COVID 19 Resources
    • In The NEWS
    • Online Training
  • About Us
    • Our Mission
    • Leadership
    • Teams
    • Referral Program
    • Press Releases
      • CIO Landing: More Than Just an IT
      • Small businesses can have an IT department too
      • CIO Landing, Inc. has joined forces with Banc Certified Merchant Services (BCMS).
    • Affiliations
    • Careers
      • Job Descriptions
    • FAQs
    • Causes We Support
    • Privacy Policy
    • Terms & Conditions
  • Locations
    • Northfield, IL
    • Northbrook, IL
    • Chicago, IL
    • Miami, FL
  • Support
✕
New HEH Botnet Malware Can Destroy Devices It Attacks
October 14, 2020
Microsoft And HP Partnering For Better Laptop Battery Health
October 16, 2020

Kraken Malware Uses Microsoft Windows Error Reporting To Exploit System

October 15, 2020

Hackers are relentless when it comes to testing the boundaries of software for potential weaknesses to exploit.

It seems that an unknown group of hackers has found a new one.  Based on what researchers at Malwarebytes are seeing, a group of hackers has developed a new fileless attack technique designed to abuse Microsoft’s WER (Windows Error Reporting) service. They did this in order to slip unnoticed past whatever detection protocols are in place on the target system.

As with so many other attacks, this one relies on phishing techniques, with an email sent to an unsuspecting employee with access to the network the group wants to infiltrate. The researchers found the malicious file packaged in a .ZIP file and bearing the title “Compensation Manual.doc” with the body of the email claiming that the poisoned document contains detailed information relating to worker compensation rights.

Naturally, the document contains no such information. It does, however, contain a macro designed to load “Kraken.dll” into memory and execute it by way of VBScript. Once that happens, the binary will inject an embedded shellcode into WerFault.exe, which is a part of the aforementioned Windows Error Reporting System.

Here’s what the research team had to say about it:

“That reporting service, WerFault.exe, is usually invoked when an error related to the operating system, Windows features, or applications happens. When victims see WerFault.exe running on their machine, they probably assume that some error happened, while in this case they have actually been targeted in an attack.”

Unfortunately, little else is known about the malicious code at this time, which the research team has dubbed “Kraken.” It’s designed to terminate if indications of analytic activities are detected, and there’s nothing in the code that clearly marks it as being the design of one of the well-known, well-established threat groups. This one’s sneaky and difficult to detect. Make sure your IT staff is aware of the threat.

Share
16
taylor
taylor

Related posts

March 10, 2025

The Hidden Threat: How Gift Card Scams Are Targeting Businesses Like Yours

Read more
February 11, 2025

CIO Landing Named to CRN’s MSP 500 List for 2025—For the Third Year in a Row!

Read more
December 4, 2024

Unlocking the Power of Windows 11: Tips for Maximum Productivity

Read more
© 2025 All Rights Reserved | Powered by CIO Landing