A few months back we reported how opening a simple MS Word file could compromise your computer through a critical vulnerability in Microsoft Office.
That Microsoft Office remote code execution vulnerability (CVE-2017-0199) resides in the Windows Object Linking and Embedding (OLE) interface. Microsoft issued a patch for it in April this year, but threat actors are still abusing the flaw through other delivery formats.
Security researchers have now spotted a new malware campaign that leverages the same exploit, but for the first time hides it behind a specially crafted PowerPoint Show (PPSX) file.
According to the researchers at Trend Micro, who spotted the campaign, the targeted attack starts with a convincing spear-phishing email attachment, purportedly from a cable manufacturing provider, and mainly targets companies in the electronics manufacturing industry.
The researchers believe the attack uses a sender address disguised to look like a legitimate email from a sales and billing department.
Here's How the Attack Works:
The complete attack scenario is listed below:
Step 1: The attack begins with an email carrying a malicious PowerPoint Show (PPSX) file as an attachment, pretending to be shipping information about an order request.
Step 2: Once opened, the PPSX file uses an XML part embedded in it to download a file named "logo.doc" from a remote location and runs it via the PowerPoint Show animations feature, so no click on the slide is required.
Step 3: The malformed logo.doc file then triggers CVE-2017-0199, which downloads and executes RATMAN.exe on the targeted system.
Step 4: RATMAN.exe is a Trojanized version of the Remcos Remote Control tool, which, once installed, allows the attackers to control infected computers remotely from their command-and-control server.
Remcos is a legitimate, customizable remote access tool that lets users control their system from anywhere in the world, with capabilities such as a download-and-execute command, a keylogger, a screen logger, and recorders for both the webcam and the microphone.
Because CVE-2017-0199 has mostly been exploited through malicious Rich Text Format (.RTF) documents, most detection methods for it focus on RTF. Delivering the exploit inside a PPSX file therefore lets the attackers evade antivirus detection as well.
The easiest way to protect yourself from this attack is to download and apply the patches Microsoft released in April that address CVE-2017-0199. Since the initial foothold is a spear-phishing attachment, treating unexpected order or shipping documents with suspicion, even when the sender appears to be a sales or billing department, closes the other half of the attack.
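Because a PPSX is just a ZIP of Office Open XML parts, the staging described in Step 2 leaves a static footprint that an RTF-centric signature never looks at. The following Python triage script is an added example, not code from the original article or from Trend Micro's analysis. It assumes the PPSX stages the exploit through a slide relationship (ppt/slides/_rels/slideN.xml.rels) of type oleObject whose target is external, plus a slide-show animation command of type "verb" that activates the linked object automatically; the sample package it builds, and the placeholder URL inside it, are constructed for the demo and are not indicators from the campaign.

```python
"""Static triage of a PPSX/PPTX for externally linked OLE objects.

Added example for this article; not code from the original page or from
Trend Micro. Assumption: the PPSX stages CVE-2017-0199 by pointing an
oleObject relationship in ppt/slides/_rels/slideN.xml.rels at a remote
"logo.doc" and auto-activating it with a <p:cmd type="verb"> animation.
The sample built by build_sample_ppsx() is constructed for the demo and
its URL is a placeholder, not a real campaign indicator.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Tuple

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"
# http(s) URLs, file:// URLs and UNC paths all make PowerPoint fetch the
# object from outside the package when the link is activated.
REMOTE_TARGET = re.compile(r"^(https?://|file://|\\\\)", re.IGNORECASE)


def external_ole_links(ppsx: bytes) -> List[Tuple[str, str, str]]:
    """Return (rels part, rId, target) for every slide relationship of type
    oleObject whose target lives outside the package."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ppsx)) as zf:
        for name in zf.namelist():
            if not (name.startswith("ppt/slides/_rels/") and name.endswith(".rels")):
                continue
            # stdlib ElementTree does not limit entity expansion; parse
            # untrusted documents with defusedxml in production.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                target = rel.get("Target", "")
                is_external = rel.get("TargetMode", "Internal").lower() == "external"
                if rel.get("Type") == OLE_REL_TYPE and (is_external or REMOTE_TARGET.match(target)):
                    hits.append((name, rel.get("Id", ""), target))
    return hits


def ole_verb_animations(ppsx: bytes) -> List[str]:
    """Return slide parts whose timing tree contains a <p:cmd type="verb">,
    the animation command that invokes an OLE verb on a shape as the slide
    show plays, i.e. without any click from the viewer."""
    slides = []
    with zipfile.ZipFile(io.BytesIO(ppsx)) as zf:
        for name in zf.namelist():
            if not re.fullmatch(r"ppt/slides/slide\d+\.xml", name):
                continue
            root = ET.fromstring(zf.read(name))
            if any(cmd.get("type") == "verb" for cmd in root.iter(f"{{{P_NS}}}cmd")):
                slides.append(name)
    return slides


def assess(ppsx: bytes) -> Dict[str, object]:
    """An external OLE link alone is enough to quarantine; the verb animation
    is corroborating evidence that the link fires automatically."""
    links = external_ole_links(ppsx)
    verbs = ole_verb_animations(ppsx)
    return {"external_ole": links, "verb_animations": verbs, "suspicious": bool(links)}


def build_sample_ppsx(external_target: Optional[str]) -> bytes:
    """Constructed minimal PPSX-like package for the demo (not a campaign
    file). With external_target set, slide 1 links an OLE object to that URL
    and auto-activates it; with None the slide is benign."""
    rels = ['<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
            'officeDocument/2006/relationships/slideLayout" '
            'Target="../slideLayouts/slideLayout1.xml"/>']
    timing = ""
    if external_target:
        rels.append(f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" '
                    f'Target="{external_target}" TargetMode="External"/>')
        timing = ('<p:timing><p:tnLst><p:par><p:cTn id="1"><p:childTnLst>'
                  '<p:cmd type="verb" cmd="3"><p:cBhvr><p:cTn id="2"/>'
                  '<p:tgtEl><p:spTgt spid="4"/></p:tgtEl></p:cBhvr></p:cmd>'
                  '</p:childTnLst></p:cTn></p:par></p:tnLst></p:timing>')
    slide = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
             f'<p:sld xmlns:p="{P_NS}"><p:cSld><p:spTree/></p:cSld>{timing}</p:sld>')
    rels_xml = ('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
                f'<Relationships xmlns="{REL_NS}">' + "".join(rels) + "</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types xmlns="http://'
                    'schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("ppt/slides/slide1.xml", slide)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL; a real sample would carry the attacker's host here.
    for label, sample in (("staged", build_sample_ppsx("http://example.invalid/logo.doc")),
                          ("benign", build_sample_ppsx(None))):
        print(label, assess(sample))
```

Run it on a real attachment by reading the file's bytes into assess(); the relationship check is the one that matters for quarantine decisions, since a legitimate deck almost never links an embedded OLE object to an http:// or UNC target, whereas external hyperlinks and pictures are common and are deliberately left unflagged.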