the zero day gap in Proofpoint of million emails with prepared documents that have been sent to numerous organisations in Australia. From the flaw affected all versions of Office is Windows 10 Office 2016 underis used intensively, to spread the Dridex banking Trojan. The security company reported
the backers of Dridex botnet typically rely on attached documents with macros to spread their malicious software to explain the security researcher. They are instructed but careless clicking receiver, which inadvertently install malicious software on their devices. With the zero-day hole they have it much easier, until it is resolved. While they use the vulnerability with a specially prepared document in rich text format (RTF) with DOC extension.
the mails of the observed campaign seem to come up with fake sender as dokumente@[empfänger] from the domain of the recipient. You have the subject “Scan Data” and transport attachments such as “Scan_123456.doc”. More trouble with social engineering be the attackers in this case, but apparently only as quickly as possible to exploit the security hole.
the vulnerability is not used on macro scripts via an embedded OLE object, which automatically comes to run, when the recipient opens the file. If the exploit is successful, it provides for the installation of Dridex botnet ID 7500. The safety experts tested that, for example, on Office 2010, where it came to a complete compromise. Users have been made although aware of contained links, which may refer to other files – but then a further user-interaction was no longer required.
Microsoft has already announced a security patch, which should be still available. Due to the broad and effective attack opportunities Proofpoint users and organizations strongly recommends to apply the patch as soon as possible.
the Dridex botnet distributed some antivirus software Avira instead of banking malware . It resisted police actions which international security authorities while temporarily curb the botnet, but not completely turn off to .