Malware now spreading via Word files without macros

Posted on Monday, November 13 2017 @ 7:45 CET by Thomas De Maesschalck
Security researchers from Trend Micro warn that hacker group Fancy Bear is targeting Microsoft Office with a new attack that does not rely on macros.

The technique abuses Dynamic Data Exchange (DDE), a feature that lets a file execute code stored in another file and lets apps send updates as new data becomes available. The method may allow malware to be installed without detection by anti-virus programs.
In a blog post published Tuesday, Trend Micro researchers said Fancy Bear was sending a document titled IsisAttackInNewYork.docx that abused the DDE feature. Once opened, the file connects to a control server to download a first-stage piece of malware called Seduploader and installs it on a target's computer. DDE's potential as an infection technique has been known for years, but a post published last month by security firm SensePost has revived interest in it. The post showed how DDE could be abused to install malware using Word files that went undetected by anti-virus programs.
Before the malicious payload can be executed, users have to click through two warning screens in Office. Microsoft has posted a security advisory that includes some mitigation tips.

Via: Ars Technica

