Word-based Malware Attack Doesn’t Use Macros

Minimalist · Feb 15, 2018

Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free.

The attacks do not generate the same type of default warning from Microsoft associated with macro-based attacks, according to research published Wednesday by Trustwave’s SpiderLabs. When opening attachments, there are no warnings or pop-ups alerting victims, researchers said.

The attack uses malicious Word attachments that activate a four-stage infection process that ultimately exploits the Office Equation Editor vulnerability (CVE-2017-11882), patched last year by Microsoft. The payload is designed to steal credentials from the victim’s email, FTP and browsers.
Click to expand...

https://threatpost.com/word-based-malware-attack-doesnt-use-macros

Rasheed187 · Feb 18, 2018

Simply block MS Office from running certain system processes and block it from making outbound connections, problem solved. A tool like OSArmor will most likely easily block this attack.

wat0114 · Feb 18, 2018

Rasheed187 said: ↑

Simply block MS Office from running certain system processes and block it from making outbound connections, problem solved.
Click to expand...

Right, and also keep patched, since this exploits a CVE from 2017. Even just utilizing built-in O/S features will defeat so many of these exploits, but most authors, not this one, will instead try to sell you their latest anti-malware solution to keep you protected

Log in or Sign up

Word-based Malware Attack Doesn’t Use Macros

Minimalist Registered Member

Rasheed187 Registered Member

wat0114 Registered Member

Log in or Sign up

Word-based Malware Attack Doesn’t Use Macros

Minimalist Registered Member

Rasheed187 Registered Member

wat0114 Registered Member

Useful Searches