1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Malicious HTA File Download

Web Attack: Malicious HTA File Download

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects payload activity of metasploit web delivery module.

Additional Information

The attacker fires up a web server that serves a payload, when an attacker has physical access to the target machine, a simple command can load a waiting payload in a remote server via HTTP. This payload is loaded in memory and does not write to the disk so it potentially evade AV detections.

Affected

  • Multipile
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube