Microsoft Word users in Australia are being advised to be careful, because attackers are using a zero-day that was made public over the weekend to spread the Dridex banking Trojan. The security company Proofpoint says it observed the document exploit being used in a huge email campaign that distributes Dridex. The exploit was also publicized by FireEye and McAfee.
What Happened Exactly?
Proofpoint said that the Trojan was sent to millions of recipients in various organizations and companies in Australia. So far, Australia appears to be the main target of the attack, and no other countries have reported the issue. In response, Microsoft has issued a patch for this vulnerability, whose details were reported by the iTWire website last Sunday.
What Does It Do?
The bug lets a malicious Word document that includes an OLE2link object execute on the system, even on the latest Windows version, Windows 10. Once the document is processed, a malicious .hta file is fetched from a command server and run on the machine that opened the document.
If you try to open the document and your system is vulnerable, you will see a dialog box and a message that says “This document contains link that refer to other files. Do you want to update this file with the data from the linked files?”.
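A defender can triage mail attachments for the pattern described above (a linked OLE object that updates itself and points at a remote .hta file). The following is an added example, not code from Proofpoint, Microsoft or this page; it assumes the attachment is an RTF file that carries the object as hex in `\objdata`, which the page does not state, and the function names and sample URL are constructed.

```python
import re

OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")  # hex payload of an RTF object
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")
WIDE_RE = re.compile(rb"(?:[\x21-\x7e]\x00){8,}")          # UTF-16LE text runs

def decode_objdata(hex_blob):
    # Remove line breaks and spaces, drop a dangling nibble, then hex-decode.
    digits = re.sub(rb"\s+", b"", hex_blob)
    digits = digits[: len(digits) - len(digits) % 2]
    return bytes.fromhex(digits.decode("ascii"))

def extract_urls(data):
    # URLs may be stored as plain ASCII or as UTF-16LE inside the object.
    found = {m.group().decode("ascii") for m in URL_RE.finditer(data)}
    for run in WIDE_RE.finditer(data):
        narrow = run.group()[::2]  # keep the low byte of each UTF-16LE unit
        found.update(u.group().decode("ascii") for u in URL_RE.finditer(narrow))
    return sorted(found)

def scan_rtf(rtf):
    # Report linked objects that refresh on open and where they point.
    urls, link_objects = set(), 0
    for m in OBJDATA_RE.finditer(rtf):
        payload = decode_objdata(m.group(1))
        if b"OLE2Link" in payload:
            link_objects += 1
            urls.update(extract_urls(payload))
    auto_update = rb"\objupdate" in rtf  # RTF control word: update the link on open
    hta = sorted(u for u in urls if u.lower().split("?")[0].endswith(".hta"))
    return {
        "ole2link_objects": link_objects,
        "auto_update": auto_update,
        "urls": sorted(urls),
        "hta_urls": hta,
        "suspicious": bool(link_objects and auto_update and urls),
    }

def build_sample():
    # Constructed, inert sample: a marker string plus a UTF-16LE URL, hex-wrapped.
    url = "http://example.invalid/template.hta".encode("utf-16-le")
    hexed = (b"\x01\x05\x00\x00OLE2Link\x00" + url + b"\x00\x00").hex()
    wrapped = "\n".join(hexed[i:i + 32] for i in range(0, len(hexed), 32))
    rtf = r"{\rtf1{\object\objautlink\objupdate{\*\objdata " + wrapped + "}}}"
    return rtf.encode("ascii")

if __name__ == "__main__":
    print(scan_rtf(build_sample()))
```

A hit from `scan_rtf` is a reason to quarantine the attachment and inspect it further, not proof of exploitation.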
According to Sherrod DeGrippo, the director for Emerging Threats at Proofpoint, this shows that people with bad intentions continue to adapt and remain flexible in the face of the protection techniques companies put in place. However, attacks using document exploits are quite rare, since new and exploitable vulnerabilities get patched pretty quickly by all the companies. Even so, Microsoft came up with more updates for the products.