Dridex email campaign hits Australia: Patch your MS Office software now

Posted April 13, 2017

Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn't reveal the scope or ultimate objective of the campaign.

A previously undiscovered bug in Microsoft Word is being used by hackers to install malware on the computers of unsuspecting victims. "Once the file is opened, the code within connects to a remote server to download another file, this time a '.hta' file which is an executable HTML file." It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10".

"During our testing (on Office 2010) the vulnerable system was fully exploited despite the fact that users were presented a dialog about the document containing 'links that may refer to other files' [and] user interaction was not required".

"New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit", deGrippo says.

What has emerged is that the bug in Word has apparently been used by scammers to steal banking logins. Microsoft has said the company is trying to patch the issue. You can use it to open attachments until Microsoft releases security fixes.

Until then, McAfee advises users to only run Office in Protected View mode as well as to refrain from opening "any Office files obtained from untrusted locations". Microsoft is now working on an official fix for the vulnerability.

To mitigate the security flaw, users should download the most recent patch from Microsoft. "The Microsoft HTA application loads and executes the malicious script", FireEye explains. "Once the vulnerability becomes known, a race begins for the developer, who must protect users". Both McAfee and FireEye stated that the exploit can bypass most memory-based mitigations included in Windows. Researchers at Proofpoint said the malicious emails hit millions of users this week.
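For defenders, the two observable steps described above (an Office document fetching an HTA file, then the Microsoft HTA application running) can be correlated from logs. The following is an added example, not code from McAfee, FireEye or Microsoft; the record layout, the User-Agent markers, the `application/hta` content-type check and the 120-second window are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the article), as a log pipeline might emit them.
PROXY = [
    {"ts": "2017-04-12T09:14:02", "host": "WS-041", "url": "http://files.example.test/invoice.doc",
     "ua": "Mozilla/4.0 (compatible; ms-office; MSOffice 14)", "ctype": "application/hta"},
    {"ts": "2017-04-12T09:20:40", "host": "WS-077", "url": "http://files.example.test/a.hta?id=7",
     "ua": "Microsoft Office Word 2014", "ctype": "text/html"},
    {"ts": "2017-04-12T09:31:10", "host": "WS-102", "url": "http://intranet.example.test/tool.hta",
     "ua": "Mozilla/5.0 (Windows NT 10.0) Firefox/52.0", "ctype": "application/hta"},
    {"ts": "2017-04-12T09:40:00", "host": "WS-041", "url": "http://files.example.test/report.docx",
     "ua": "Mozilla/4.0 (compatible; ms-office; MSOffice 14)", "ctype": "application/octet-stream"},
]
PROCS = [
    {"ts": "2017-04-12T09:14:05", "host": "WS-041", "pid": 5120, "image": r"C:\Windows\System32\mshta.exe"},
    {"ts": "2017-04-12T09:31:12", "host": "WS-102", "pid": 3388, "image": r"C:\Windows\System32\mshta.exe"},
]

OFFICE_UA_MARKERS = ("ms-office", "microsoft office")  # assumed markers of Office-originated requests
WINDOW = timedelta(seconds=120)                        # assumed fetch-to-execution window


def is_office_hta_fetch(rec):
    """True when an Office client retrieved HTA content (by URL extension or content type)."""
    ua = rec["ua"].lower()
    path = rec["url"].split("?", 1)[0].lower()  # ignore the query string
    is_hta = path.endswith(".hta") or rec["ctype"].lower().startswith("application/hta")
    return is_hta and any(marker in ua for marker in OFFICE_UA_MARKERS)


def correlate(proxy, procs, window=WINDOW):
    """Raise one alert per Office HTA fetch; 'high' if mshta.exe then started on that host."""
    alerts = []
    for rec in filter(is_office_hta_fetch, proxy):
        fetched = datetime.fromisoformat(rec["ts"])
        ran = [p for p in procs
               if p["host"] == rec["host"]
               and p["image"].lower().endswith("\\mshta.exe")
               and timedelta(0) <= datetime.fromisoformat(p["ts"]) - fetched <= window]
        alerts.append({"host": rec["host"], "url": rec["url"],
                       "severity": "high" if ran else "medium",
                       "mshta_pids": [p["pid"] for p in ran]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(PROXY, PROCS):
        print(alert)
```

The correlation is by host and time rather than by parent process, so it does not depend on which process ends up launching `mshta.exe`.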

According to McAfee, the malware cannot bypass Protected View. Still, people usually enable editing when prompted, so Protected View isn't as useful as it could be in stopping the attack. McAfee has been in contact with Microsoft, and the company is expected to release an update to the anti-virus app that further closes the flaw this week in its regular Patch Tuesday bug release, the BBC has reported.