Quant Loader trojan spreads by URL shortcuts.

     Security experts are warning of a new email phishing scam that downloads and launches the Quant Loader trojan, which can install ransomware and steal passwords. Barracuda Networks has been looking into emails containing zipped Microsoft internet shortcut files with a ".url" file extension, sent to millions of inboxes by a phishing campaign over the past month. If a file is executed, it downloads a script and installs the Quant Loader malware onto the targeted system. Victims are tricked into clicking on unfamiliar file extensions in the emails, which appear to be billing documents. The emails have no body text, only a subject line. These shortcut files are a variation on CVE-2016-3353 and contain links to JavaScript or Windows script files. In this case, the URL was prefixed with "file://" rather than "http://", which gets the scripts over Samba rather than through a web browser. The vulnerability is tied to Microsoft Internet Explorer 9 through 11 and is rated by the National Vulnerability Database as high severity. The vulnerability "mishandles .url files from the Internet zone, which allows remote attackers to bypass intended access restrictions via a crafted file, aka 'Internet Explorer Security Feature Bypass,'" according to the CVE description. The remote script files are heavily obfuscated, but when allowed to execute they end up downloading and running Quant Loader.
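The delivery pattern described above (a zipped ".url" shortcut whose target uses "file://" and points at a script file) can be checked at the mail gateway or during triage. The following is an added example, not code from Barracuda or from the original article; the list of script extensions, the function names and the sample attachment are assumptions constructed for illustration.

```python
import io
import zipfile
from urllib.parse import urlparse

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")  # assumption: script types worth flagging

def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None

def scan_zip(data):
    """Return (member, target, reasons) for each suspicious .url file in a zip."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".url"):
                continue
            target = shortcut_target(zf.read(name).decode("utf-8", "replace"))
            if not target:
                continue
            parsed = urlparse(target)
            reasons = []
            if parsed.scheme.lower() == "file" and parsed.netloc:
                reasons.append("file:// to remote host (fetched over SMB, not a browser)")
            if parsed.path.lower().endswith(SCRIPT_EXTS):
                reasons.append("target is a script file")
            if reasons:
                findings.append((name, target, reasons))
    return findings

def build_sample_zip():
    """Constructed sample attachment: one suspicious shortcut, one benign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.url", "[InternetShortcut]\r\nURL=file://files.example.invalid/share/bill.wsf\r\n")
        zf.writestr("site.url", "[InternetShortcut]\r\nURL=https://www.example.com/\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, target, reasons in scan_zip(build_sample_zip()):
        print(name, target, "; ".join(reasons))
```

Shortcut files saved as UTF-16 would need decoding before this check; the sketch assumes ASCII or UTF-8 content.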

     The Quant Loader trojan is sold on underground forums, and buyers can configure its behavior upon infection through a management panel. According to Forcepoint, Quant Loader went on sale on various underground forums in 2016. The downloader has been used to spread the Locky Zepto crypto-ransomware and the Pony malware family. It can escalate privileges, has an administrative control panel, and supports downloading both EXEs and DLLs.