A new infected document forces Word to download malware

While Microsoft has managed to introduce various protection mechanisms into the Office package, the truth is that infections through its main components (with Word and Excel leading the way) never left the scene completely. Teams at McAfee and FireEye reported this weekend a new 0-day vulnerability that apparently affects all versions of Word. All an attacker needs to take advantage of this bug is a document in RTF format that forces Word to download an HTML application (.HTA), which in turn installs malware in the background.

The concept of the ‘Trojan horse’ is one of the oldest ways to infect a computer. The user thinks that a file serves a specific function or has a specific format, and on double-clicking it... surprise. Unfortunately, common sense has its limits: there is always the possibility that the infected file arrives through a trusted contact who has no idea about their involuntary role in distributing malware. This is very common among users who depend on tools like the Office package. A large proportion of infections via Word and Excel require macros or some other mechanism to be enabled, but the latest bug detected in circulation has proven to be much more robust.

This is how the attack hides

McAfee and FireEye reported during the weekend a new series of attacks involving a document in RTF format. The document contains an OLE object, and once it is opened, Word proceeds to download an HTML application (with the .hta extension) from a remote server. From there, the .hta file executes the malicious script and, in an attempt to hide its actions, presents the user with a fake document, as if nothing strange had happened. Most striking is that this attack manages to get past all the existing protections (even if the user works on Windows 10), runs on all versions of Word, and does not require macros to be enabled beforehand.

The FireEye team stayed in contact with Microsoft for several weeks, and they agreed not to publish data on the 0-day until the patch was ready, but McAfee beat them to it, indicating that the first attacks were recorded in late January. Ideally, we should not open documents that come to us from unreliable sources, but what McAfee and FireEye recommend (at least until the hotfix is applied) is to open content using the Protected View feature.
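As an added example (not code from McAfee, FireEye or the original article), the following Python triages a file for the delivery pattern described above: RTF content that carries an OLE object, plus any URL readable in the object data. The control-word watch list, the ASCII/UTF-16LE URL search and the sample bytes are assumptions constructed for illustration.

```python
import re

# RTF control words that mark an OLE object or a linked, auto-refreshed one
# (assumed watch list; the article only says the document contains an OLE object).
OLE_WORDS = [b"\\object", b"\\objdata", b"\\objemb", b"\\objautlink", b"\\objupdate"]
OBJDATA = re.compile(rb"\\objdata(?![a-z])([^{}\\]*)")
URL = re.compile(rb"https?://[\x21-\x7e]+")


def triage_rtf(data: bytes) -> dict:
    """Inspect raw file bytes; the file extension is ignored on purpose."""
    # Lenient header check: match the "{\rt" prefix rather than the full "{\rtf1".
    is_rtf = data.lstrip()[:4].lower() == b"{\\rt"
    words = [w.decode() for w in OLE_WORDS
             if re.search(re.escape(w) + rb"(?![a-z])", data)]
    urls = []
    for match in OBJDATA.finditer(data):
        # Object data is hex text; drop whitespace and anything non-hex.
        digits = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))
        blob = bytes.fromhex(digits[: len(digits) // 2 * 2].decode())
        # Link targets may be ASCII or UTF-16LE; stripping NULs covers both.
        for view in (blob, blob.replace(b"\x00", b"")):
            urls += [u.decode() for u in URL.findall(view)]
    return {
        "is_rtf": is_rtf,
        "ole_words": words,
        "urls": list(dict.fromkeys(urls)),  # de-duplicate, keep order
        "suspicious": is_rtf and bool(words),
    }


def constructed_sample() -> bytes:
    """Constructed, non-functional RTF: junk object data with a placeholder URL."""
    link = "http://files.example.invalid/template.hta".encode("utf-16le")
    blob = b"\x01\x05\x00\x00" + link + b"\x00\x00\x01"
    return (b"{\\rtf1\\ansi{\\object\\objautlink{\\*\\objdata "
            + blob.hex().encode() + b"}}Quarterly report}")


if __name__ == "__main__":
    print(triage_rtf(constructed_sample()))
    print(triage_rtf(b"{\\rtf1\\ansi Plain memo, no objects}"))
```

This is a heuristic for mail-gateway or endpoint triage: object data that is split or obfuscated with extra control words will not decode here and needs a full RTF parser.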
