Dyre Malware Campaigners Innovate with Distribution Techniques
released on 2015-10-13 @ 04:51:59 PM
This week, Proofpoint researchers observed the now infamous “man-in-the-browser” (MITB) banking malware Dyre experimenting with new ways to deliver spam attachments. These innovations included two significant changes in Dyre behavior:
- Dyre employed the spambot Gophe to send thousands of randomized documents (hashes and file names) per spam campaign
- The spammed attachments use an RTF trick (or a feature of the Windows OS) that allows dropping an executable – but not running it – simply by opening the RTF document
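
As an added illustration (not from Proofpoint's write-up), here is one way a mail gateway or analyst could flag RTF attachments that carry an executable regardless of their randomized hash or file name. It assumes the payload is embedded as a hex-encoded `\objdata` object, which is how RTF stores embedded objects but is not detailed on this page; the function names and the sample document are constructed.

```python
import re
import struct

# \objdata holds an embedded object's bytes as hex text inside the RTF.
OBJDATA_RE = re.compile(rb"\\objdata\b([^{}]*)", re.IGNORECASE)
NON_HEX_RE = re.compile(rb"[^0-9A-Fa-f]")


def decode_objdata(rtf):
    """Return the decoded bytes of every \\objdata blob in an RTF file."""
    blobs = []
    for match in OBJDATA_RE.finditer(rtf):
        digits = NON_HEX_RE.sub(b"", match.group(1))  # drop spaces and newlines
        digits = digits[: len(digits) & ~1]           # drop a dangling nibble
        blobs.append(bytes.fromhex(digits.decode("ascii")))
    return blobs


def find_pe_offsets(blob):
    """Return offsets of 'MZ' headers whose e_lfanew points at 'PE\\0\\0'."""
    offsets = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            (e_lfanew,) = struct.unpack_from("<I", blob, pos + 0x3C)
            if blob[pos + e_lfanew : pos + e_lfanew + 4] == b"PE\x00\x00":
                offsets.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return offsets


def scan_rtf(rtf):
    """Return (object_index, offset) for each PE image inside an embedded object."""
    hits = []
    for index, blob in enumerate(decode_objdata(rtf)):
        hits.extend((index, off) for off in find_pe_offsets(blob))
    return hits


def constructed_sample():
    """Constructed input: a header-only PE stub inside a fake embedded object."""
    stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    filler = b"\x01\x05\x00\x00sample.exe\x00"  # constructed, not a real OLE header
    body = (filler + stub).hex().encode("ascii")
    return (b"{\\rtf1 Invoice{\\object\\objemb{\\*\\objclass Package}"
            b"{\\*\\objdata " + body[:40] + b"\r\n" + body[40:] + b"}}}")


if __name__ == "__main__":
    print(scan_rtf(constructed_sample()))  # [(0, 15)]
```

Heavily obfuscated documents defeat simple regex extraction; a full RTF parser such as the `rtfobj` tool from oletools handles those cases.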