
Microsoft Office Zero-Day Used to Push Dridex Banking Trojan

13 April 2017

Researchers from McAfee were the first to publish details of the bug, with security firm FireEye also reporting on the issue.

In the blog post McAfee explains: "The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file".

"The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office".

FireEye confirmed that its researchers had shared details of the vulnerability with Microsoft and had been coordinating with the tech giant for several weeks so that public disclosure would coincide with the release of a patch.

Microsoft also released additional updates for vulnerabilities in its products overnight, as part of its monthly security updates.

In the meantime, users should be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.


When contacted by eWEEK's Sean Michael Kerner, a Microsoft spokesperson said a patch was set to arrive on April 11. To the user, the malicious file appears as a Microsoft Rich Text Format (RTF) document carrying a .doc extension; the HTA is only fetched once the document is opened.

Two cybersecurity firms have uncovered a vulnerability in Microsoft Office that has allowed attackers to install malware through Word documents.

As per our previous coverage, the vulnerability was known to be actively exploited by at least three separate attackers. In a blog post, the anti-virus company also said that the attack is possible because of Microsoft's OLE (Object Linking and Embedding) technology, TNW has reported.

The emails use spoofed sender domains and attachments that pose as scanned documents to lure users into opening them.

The attack bypasses most exploit mitigation measures, including those built into Windows 10, Microsoft's most secure operating system: no memory corruption is involved, as the document simply causes Office to fetch and run a remote HTML application. Proofpoint also disclosed that the payload is Dridex, a banking trojan that, once the computer is infected, steals the user's banking credentials. Once the user opens the document, the PC automatically downloads the HTML application, which gives the criminals full access to the user's machine.
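The attack chain described above (an RTF delivered with a .doc extension whose OLE link, refreshed on open, pulls and runs a remote HTA) lends itself to a simple file-triage heuristic. The scanner below is an added example written for this page, not code from McAfee, FireEye, Proofpoint or Microsoft. The indicators it looks for (the \objautlink and \objupdate control words, the OLE2Link class name and a UTF-16 URL inside the hex-encoded \objdata group) are assumptions drawn from public analyses of this campaign, and the sample document it scans is constructed, not a real malicious file.

```python
"""Heuristic triage of RTF files carrying an auto-updating OLE link.

Added example; not from the article or from any of the vendors it cites.
The indicators are assumptions based on the attack chain the article
describes: an RTF file delivered as .doc that, when opened, makes Word
refresh an OLE link and fetch a remote HTML application (.hta).
"""
import re
from dataclasses import dataclass, field

RTF_MAGIC = b"{\\rtf"

# Control words that make Word refresh a linked object on open (assumed indicators).
LINK_CONTROL_WORDS = (rb"\\objautlink", rb"\\objupdate")

# A UTF-16LE "http://" or "https://" URL followed by printable ASCII characters.
_UTF16_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+"
)


@dataclass
class ScanResult:
    is_rtf: bool
    extension_mismatch: bool            # RTF content behind a .doc file name
    indicators: list = field(default_factory=list)
    urls: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Many benign .doc files are really RTF, so the mismatch alone is not enough;
        # require at least one link indicator or an embedded URL.
        return self.is_rtf and bool(self.indicators or self.urls)


def _objdata_blobs(data: bytes):
    """Yield the decoded binary payload of every \\objdata group (hex in RTF)."""
    for m in re.finditer(rb"\\objdata\s*([0-9a-fA-F\s]+)", data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        if len(hexstr) % 2:               # tolerate a truncated trailing nibble
            hexstr = hexstr[:-1]
        try:
            yield bytes.fromhex(hexstr.decode("ascii"))
        except ValueError:
            continue


def scan_document(filename: str, data: bytes) -> ScanResult:
    """Classify a document by content, not by the extension the sender chose."""
    is_rtf = data.lstrip().startswith(RTF_MAGIC)
    result = ScanResult(is_rtf, is_rtf and filename.lower().endswith(".doc"))
    if not is_rtf:
        return result
    for cw in LINK_CONTROL_WORDS:
        if re.search(cw, data):
            result.indicators.append(cw.decode().lstrip("\\"))
    for blob in _objdata_blobs(data):
        if b"OLE2Link" in blob:            # class name reported in public analyses (assumption)
            result.indicators.append("OLE2Link class name in objdata")
        for m in _UTF16_URL.finditer(blob):
            result.urls.append(m.group(0).decode("utf-16-le"))
    return result


# Constructed sample (not a real malicious document): an RTF whose OLE object is
# marked for auto-update and whose object data names OLE2Link and a remote .hta.
_PAYLOAD = b"OLE2Link" + "http://example.invalid/doc.hta".encode("utf-16-le") + b"\x00\x00"
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\\deff0 {\\object\\objautlink\\objupdate\\objw3000\\objh300"
    b"{\\*\\objclass Word.Document.8}{\\*\\objdata "
    + _PAYLOAD.hex().encode("ascii")
    + b"}}}"
)
BENIGN_RTF = b"{\\rtf1\\ansi Quarterly notes}"

if __name__ == "__main__":
    for name, blob in (("invoice.doc", SAMPLE_RTF), ("notes.rtf", BENIGN_RTF)):
        r = scan_document(name, blob)
        print(name, "suspicious" if r.suspicious else "clean", r.indicators, r.urls)
```

This is triage, not a verdict: RTF is easy to obfuscate (split control words, extra whitespace and nesting, alternative hex encodings), so a clean result from these regexes does not prove a file is safe, while a hit is a good reason to quarantine the attachment at the mail gateway and detonate it in a sandbox that can observe the outbound HTA fetch.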

"According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled".
