
File_closed07

Several months back we reported how opening a simple MS Word file could compromise your computer using a critical vulnerability in Microsoft Office.
The Microsoft Office remote code execution vulnerability (CVE-2017-0199) resided in the Windows Object Linking and Embedding (OLE) interface, for which a patch was issued in April this year, but threat actors are still abusing the flaw through different means.

Security researchers have spotted a new malware campaign that leverages the same exploit but, for the first time, hides it behind a specially crafted PowerPoint (PPSX) presentation file.

According to the researchers at Trend Micro, who spotted the malware campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider, and mainly targets companies involved in the electronics manufacturing industry.

Researchers believe this attack involves the use of a sender address disguised as a legitimate email sent by a sales and billing department.

Here's How the Attack Works:

The complete attack scenario is listed below:

Step 1: The attack begins with an email that contains a malicious PowerPoint (PPSX) file as an attachment, pretending to be shipping information about an order request.

Step 2: Once executed, the PPSX file calls an XML file programmed in it to download the "logo.doc" file from a remote location and runs it via the PowerPoint Show animations feature.

Step 3: The malformed logo.doc file then triggers the CVE-2017-0199 vulnerability, which downloads and executes RATMAN.exe on the targeted system.

Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which, when installed, allows attackers to control infected computers remotely from its command-and-control server.

Remcos is a legitimate and customizable remote access tool that allows users to control their system from anywhere in the world, with capabilities such as a download-and-execute command, a keylogger, a screen logger, and recorders for both webcam and microphone.

Since the exploit is used to deliver infected Rich Text File (.RTF) documents, most detection methods for CVE-2017-0199 focus on RTF. The use of PPSX files therefore allows attackers to evade antivirus detection as well.
The easiest way to protect yourself completely from this attack is to download and apply the patches released by Microsoft in April that address the CVE-2017-0199 vulnerability.
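
Because RTF-focused detection misses the PPSX carrier, a defender can inspect the presentation package itself. The following is an added example, not part of the original post or of Trend Micro's tooling: it assumes the remote fetch in Step 2 is declared the way OOXML packages declare linked content, as a relationship with `TargetMode="External"` in a `.rels` part. The function names, the size limit and the sample package are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for bulk untrusted input, prefer defusedxml

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
MAX_RELS_BYTES = 1_000_000  # refuse oversized .rels parts (decompression-bomb guard)

def scan_ooxml(data: bytes):
    """Return (part, severity, detail) for external non-hyperlink relationships."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<package>", "error", "not a ZIP/OOXML container")]
    findings = []
    with zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_BYTES:
                findings.append((info.filename, "error", "oversized relationships part"))
                continue
            try:
                root = ET.fromstring(zf.read(info))
            except ET.ParseError:
                findings.append((info.filename, "error", "unparseable relationships part"))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                if rel.get("TargetMode") != "External" or kind == "hyperlink":
                    continue  # embedded parts and ordinary links are expected
                severity = "high" if kind == "oleObject" else "review"
                findings.append((info.filename, severity, f"{kind} -> {rel.get('Target', '')}"))
    return findings

def build_sample(external: bool) -> bytes:
    """Constructed input: a ZIP holding only a slide .rels part, not a real deck."""
    target, mode = ("../embeddings/oleObject1.bin", "")
    if external:
        target, mode = ("http://example.invalid/logo.doc", ' TargetMode="External"')
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}oleObject" Target="{target}"{mode}/>'
        f'<Relationship Id="rId2" Type="{OFFICE_REL}hyperlink" '
        'Target="http://example.invalid/" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()
```

The same scan applies to DOCX and XLSX attachments, since they use the same package format. A "high" finding is a reason to quarantine and examine the attachment, not proof of exploitation.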
 