Spammers use hexadecimal IP addresses to evade detection

A spam group has picked up a pretty clever trick that has allowed it to bypass email filters and security systems and land in more inboxes than usual. The trick relies on a quirk inRFC791— a standard that describes the Internet Protocol (IP). Among the various technical details, RFC791 is also the standard that describes how IP addresses look.

We mostly know them in their most prevalent form of dotted-decimal address (for example, 192.168.0.1). However, IP addresses can also be written in three other formats: Octal – 0300.0250.0000.0001 (by converting each decimal number to the octal base)Hexadecimal – 0xc0a80001 (by convert each decimal number to hexadecimal)Integer/DWORD – 3232235521 (by converting the hexadecimal IP to integer)

Massive Malspam Campaign Targets Unpatched Systems

According to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an Adobe Flash Player bug (CVE-2018-4878)  patched by Adobe earlier this month.

 Victims who fall for the ploy could ultimately hand over control of their systems to an attacker, according to researchers.