New Microsoft Word attacks infect PCs sans macros

0
1004

Enlarge (credit: Microsoft ) Fancy Bear, the advanced hacking group researchers say is tied to the Russian government, is actively exploiting a newly revived technique that gives attackers a stealthy means of infecting computers using Microsoft Office documents, security researchers said this week. Fancy Bear is one of two Russian-sponsored hacking outfits researchers say breached Democratic National Committee networks ahead of last year’s presidential election.  The group was recently caught sending a Word document that abuses a feature known as Dynamic Data Exchange. DDE allows a file to execute code stored in another file and allows applications to send updates as new data becomes available. In a blog post published Tuesday , Trend Micro researchers said Fancy Bear was sending a document titled IsisAttackInNewYork.docx that abused the DDE feature. Once opened, the file connects to a control server to download a first-stage of piece of malware called Seduploader and installs it on a target’s computer. DDE’s potential as an infection technique has been known for years, but a post published last month by security firm SensePost has revived interest in it. The post showed how DDE could be abused to install malware using Word files that went undetected by anti-virus programs. Read 6 remaining paragraphs | Comments

View post:
New Microsoft Word attacks infect PCs sans macros

LEAVE A REPLY

Please enter your comment!
Please enter your name here

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.