Security Alert: Hackers Exploiting Microsoft Word To Infect Computers With Malware
Be careful when you receive a suspicious email with a Word document attached to it. Opening it might infect your computer with malware.
Computer security experts have discovered dangerous malware embedded in Microsoft Word documents. The hackers exploited a flaw in MS Word to embed the malware, which they spread via email. Antivirus company McAfee was the first to report the attacks. Microsoft hasn't released any statement regarding the issue as of this writing.
Malware Exploits MS Word Zero-Day Vulnerability
McAfee says it discovered the attack when it noticed some suspicious Word files during a routine security sweep. It turned out that these files exploited a zero-day vulnerability in Microsoft Word to install malware. The infected documents are spread via email.
A "zero-day vulnerability" is a security flaw in software or an operating system that is unknown to the software developer or even to antivirus makers. In other words, the vulnerability is not publicly known; only the attackers who are exploiting it know about it.
According to McAfee, the files used by attackers were organized as Word files, but the exploit works on all versions of Microsoft Office, including Office 2016 running on Windows 10, which is supposedly the safest Windows version. McAfee traced the attacks back to late January.
As to how the exploit works, McAfee wrote:
"The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim's machine."
Additionally, the attackers bypassed any memory-based mitigations, or the assessment and management of security threats. The attackers then spread the malware-infected documents via email.
McAfee did not specify the targets of the email attacks, although Proofpoint traced the attacks and discovered millions of recipients in organizations based in Australia. Proofpoint also disclosed that the malware was Dridex, dangerous banking malware that exploits Microsoft Office and, once a computer is infected, steals the user's banking information.
How to Protect Your Computer
McAfee advised users on how to protect themselves from this malicious program while waiting for an official announcement and security patch from Microsoft (which McAfee has already notified).
McAfee told users not to open any Office files obtained from untrusted sources, especially from emails. Also, the attack cannot bypass the Protected View in Word, so McAfee suggested enabling this view mode when opening documents just to be sure.
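The Protected View advice above can be verified on a workstation. The PowerShell script below is an added example, not code from McAfee or the original article; it assumes Word 2010 through 2016 and reads the per-user registry values behind Word's Trust Center Protected View checkboxes, plus the matching Group Policy values.

```powershell
# Added example: audit Word's Protected View settings for the current user.
# A value of 1 means Protected View is DISABLED for that file source;
# a missing value or 0 means the default (enabled) applies.
$versions = @{ '14.0' = 'Office 2010'; '15.0' = 'Office 2013'; '16.0' = 'Office 2016' }
$settings = @{
    DisableInternetFilesInPV   = 'files from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'files in unsafe locations'
}
# Group Policy values take precedence over the user's own Trust Center choice.
$roots = [ordered]@{
    Policy = 'HKCU:\Software\Policies\Microsoft\Office'
    User   = 'HKCU:\Software\Microsoft\Office'
}

function Get-ProtectedViewState {
    param([string]$Version)
    foreach ($name in $settings.Keys) {
        $state = 'Enabled (default)'; $source = 'none'
        foreach ($scope in $roots.Keys) {
            $key   = Join-Path $roots[$scope] "$Version\Word\Security\ProtectedView"
            $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($null -ne $value) {
                $state  = if ($value -eq 1) { 'DISABLED' } else { 'Enabled' }
                $source = $scope
                break   # first hit wins: Policy is checked before User
            }
        }
        [pscustomobject]@{
            Office        = $versions[$Version]
            AppliesTo     = $settings[$name]
            ProtectedView = $state
            SetBy         = $source
        }
    }
}

$report = foreach ($v in ($versions.Keys | Sort-Object)) {
    # Only report Office versions that have a Word key for this user.
    if (Test-Path "HKCU:\Software\Microsoft\Office\$v\Word") { Get-ProtectedViewState -Version $v }
}
$report | Format-Table -AutoSize
if ($report | Where-Object ProtectedView -eq 'DISABLED') {
    Write-Warning 'Protected View is turned off for at least one file source in Word.'
}
```

Any row marked DISABLED means documents from that source open directly in editing mode, so the setting should be switched back on in Word's Trust Center or through policy.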