I discuss my first real-world encounter with the SocGholish drive-by download malware, and then go on to analyse its impact, how it works and how our defenses managed to thwart the second stage of the attack.

An HTML file containing obfuscated Javascript was sent via a spear phishing email campaign lately. Although the phish isn’t the most sophisticated out there…