Dridex email campaign hits Australia: Patch your MS Office software now

Posted April 13, 2017

Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn't reveal the scope or ultimate objective of the campaign.

A previously undiscovered bug in Microsoft Word is being used by hackers to install malware on the computers of unsuspecting victims. "Once the file is opened, the code within connects to a remote server to download another file, this time a '.hta' file which is an executable HTML file." It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10".

"During our testing (on Office 2010) the vulnerable system was fully exploited despite the fact that users were presented a dialog about the document containing 'links that may refer to other files' [and] user interaction was not required".

"New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit", deGrippo says.

It has emerged that a bug in Word has apparently been used by scammers to steal banking logins, and Microsoft has said it is trying to patch the issue. You can use it to open attachments until Microsoft releases security fixes.

Until then, McAfee advises users to only run Office in Protected View mode as well as to refrain from opening "any Office files obtained from untrusted locations". Microsoft is now working on an official fix for the vulnerability.

To mitigate the security flaw, users should download the most recent patch from Microsoft. "The Microsoft HTA application loads and executes the malicious script", FireEye explains. "Once the vulnerability becomes known, a race begins for the developer, who must protect users". Both McAfee and FireEye stated that the exploit can bypass most memory-based mitigations that are included in Windows. Researchers at Proofpoint said the malicious emails hit millions of users this week.

Still, people usually enable editing when prompted, so Protected View isn't as useful as it could be in stopping the hack. The advice to use it stands mainly because, according to McAfee, the malware cannot bypass this Microsoft Office feature. McAfee has been in contact with Microsoft, and the company is expected to release an update to the anti-virus app that further closes the flaw this week as part of its regular Patch Tuesday release, the BBC has reported.
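For defenders who want to check endpoints for the behaviour FireEye describes (an Office document leading to the Microsoft HTA application running a script), the following is an added example, not code from McAfee, FireEye or Microsoft. It flags hosts where mshta.exe starts shortly after an Office application; the log format, field names, watch list and 120-second window are assumptions, and it correlates by time because the article does not say how the HTA application is launched.

```python
import json
import ntpath
from datetime import datetime, timedelta

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}  # assumed watch list
HTA_HOST = "mshta.exe"  # the Microsoft HTA application
WINDOW = timedelta(seconds=120)  # assumed correlation window

# Constructed process-start events (not real telemetry), one JSON object per line.
SAMPLE_LOG = r'''
{"ts": "2017-04-11T09:14:02", "host": "ws-01", "image": "C:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE"}
{"ts": "2017-04-11T09:14:09", "host": "ws-01", "image": "C:\\Windows\\System32\\mshta.exe"}
{"ts": "2017-04-11T09:20:00", "host": "ws-02", "image": "C:\\Windows\\System32\\mshta.exe"}
{"ts": "2017-04-11T10:00:00", "host": "ws-03", "image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE"}
{"ts": "2017-04-11T10:30:00", "host": "ws-03", "image": "C:\\Windows\\System32\\mshta.exe"}
not-json line from a broken forwarder
'''

def parse_events(text):
    """Yield (timestamp, host, lowercase exe name); skip malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            yield (datetime.fromisoformat(rec["ts"]), rec["host"],
                   ntpath.basename(rec["image"]).lower())
        except (ValueError, KeyError, TypeError):
            continue  # broken or incomplete record: ignore, do not crash

def hta_after_office(text, window=WINDOW):
    """Alert when mshta.exe starts within `window` of an Office app on the same host."""
    last_office = {}  # host -> (timestamp, exe) of the most recent Office start
    alerts = []
    for ts, host, exe in sorted(parse_events(text)):
        if exe in OFFICE_APPS:
            last_office[host] = (ts, exe)
        elif exe == HTA_HOST and host in last_office:
            seen, app = last_office[host]
            if ts - seen <= window:
                alerts.append({"host": host, "office_app": app,
                               "seconds_after": int((ts - seen).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in hta_after_office(SAMPLE_LOG):
        print(alert)
```

A hit is a lead for triage rather than proof of compromise, since mshta.exe also has legitimate uses.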