Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks - Tech Office - Latest Hacking News,IT Security News and Cyber Security

This Blog is protected by DMCA.com

Navigation

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

A newly discovered unpatched attacking method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns.

Last week we reported how hackers could leveraging an old Microsoft Office feature called Dynamic Data Exchange (DDE), to perform malicious code execution on the targeted device without requiring Macros enabled or memory corruption.

DDE treaty is one of the individual designs that Microsoft uses to allow two running applications to share the same data.

The protocol is being used by thousands of apps, including MS Excel, MS Word, Quattro Pro, and Visual Basic for one-time data transfers and for continuous exchanges for sending updates to one another.

The DDE exploitation design promotes no "security" signs to sufferers, except asking them if they want to execute the application specified in the command—although this popup alert could also be eliminated "with proper syntax modification.

on after the details of DDE attack technique went public, Cisco's Talos threat research group published a report about an attack campaign actively exploiting this attack technique in the wild to target several organizations with a lifeless remote access trojan (RAT) called DNSMessenger.






Necurs Botnet Using DDE Attack to Spread Locky Ransomware


Now, hackers have been found using the Necurs Botnet—malware that currently controls over 6 million infected computers worldwide and sends millions of emails—to distribute Locky ransomware and TrickBot banking trojan using Word documents that leverage the newly discovered DDE attack techniquereported SANS ISC.

Locky ransomware hackers previously relied on macros-based booby-trapped MS Office documents, but now they have updated the Nercus Botnet to deliver malware via the DDE exploit and gain an ability to take screenshots of the desktops of victims.

"What’s interesting about this new wave is that the downloader now contains new functionality to gather telemetry from victims," Symantec said in a blog post
"It can take screen grabs and send them back to a remote server. There’s also an error-reporting capability that will send back details of any errors that the downloader encounters when it tries to carry out its activities."

Hector Malware Using DDE Attack

 Another separate malware spam campaign discovered by security researchers has also been found distributing Hancitor malware (also known as Chanitor and Tordal) using Microsoft Office DDE exploit.

Hector is a downloader that installs malicious payloads like Banking Trojans, data theft malware and Ransomware on infected machines and is usually delivered as a macro-enabled MS Office document in phishing emails.

How to Protect Yourself From Word DDE Attacks?

Since DDE is a Microsoft's legitimate feature, most antivirus solutions do not flag any warning or block MS Office documents with DDE fields, neither the tech company has any plans of issuing a patch that would remove its functionality.

So, you can protect yourself and your organization from such attacks by disabling the "update automatic links at open" option in the MS Office programs.

To do so, Open Word → Select File → Options → Advanced and scroll down to General and then uncheck "Update Automatic links at Open."

However, the best way to protect yourself from such attacks is always to be suspicious of any uninvited document sent via an email and never click on links inside those documents unless adequately verifying the source.
Source -THK
Share

Osman

Osman Gani is the Chief Seo Expert and the Founder of ‘Tech Office’. He has a very deep interest in all current affairs topics whatsoever. Well, he is the power of our team and he lives in India. who loves to be a self-dependent person. As an author, I am trying my best to improve this platform day by day. His passion, dedication and quick decision-making ability make him stand apart from others.

Post A Comment:

0 comments: