Earlier,
Researchers at Trustwave said the virus uses a combination of methods that begins with an object embedded in a .DOCX file. Victims receive various finance-related e-mails. All of the e-mails the experts discovered included an attachment named "receipt.docx".
The four-step attack begins when the victim opens the .DOCX file, which launches an embedded OLE object containing links. These links let the document reference remote OLE objects hosted externally. According to the researchers, the attackers rely on the fact that Word documents created with Microsoft Office 2007 use the Open XML format, which is based on XML technologies and ZIP archives. Such files can therefore be easily manipulated, either programmatically or manually.
In the second step, the Word file starts the download of a file with the RTF extension. The RTF file exploits a vulnerability in the Office Equation Editor that Microsoft closed in November last year. In the third step, text inside the RTF file is decoded, which in turn runs an MSHTA command line that loads and opens an HTA file. The HTA file contains a PowerShell script, which runs the Password Stealer malware. This virus steals credentials from e-mail, FTP and browser programs.
Experts noted an unusually large number of stages and scenarios used by this virus. In addition, DOCX, RTF, and HTA files are rarely blocked by mail or network gateways, unlike more obvious ones such as VBS, JScript, or WSF.
Do not forget, you should not open files received from unknown senders.
O my God 😰! We are yet to be Safe from those bad hackers.. Ahh! What's their problem? Okay! Noted sir!
Thanks for the info.
Hackers will always do their thing.
Thanks for this info, it is very helpful and we need to be extremely careful.
We will take this info of yours very seriously.. Hackers are everywhere now.. We will be extremely careful. Thanks
Hackers never sleep, always working hard, thinking of possible methods of hacking. Gonna be extremely careful, thanks for the information