During April, we have witnessed - among others - a discovery of an 18 years old “Redirect to SMB” vulnerability which can be used to attack all versions of Windows released since then. The vulnerability can be exploited in cases when attacker has some control over the network, enabling him to gain user login information by redirecting of network traffic to a malicious SMB (server message block) server. The server forces the target to automatic authorization process during which the target sends users login, domain and hashed password.
Next to this vulnerability an April discovery of a modern macro malware BALTEX. It spreads using phishing messages with a link to a page containing an infected Word document and instructions to enable macros. After the downloaded document is opened, the macro downloads a variant of DYRE banking malware.
It is also worth mentioning that the RSA conference was held at the end of April.