An old Microsoft Office can be used as an effective way to launch malware attacks against users worldwide. The discovery has been made by a team of security researchers that identified the hacker strategy.
Old Microsoft Office Feature Capable of Attacking Computers
One of the most popular tactics of distributing malware of all kinds is the use of infected documents. The majority of cases abuse macros scripts that are bundled in the most popular file formats and document types ‒ spreadsheets, rich text documents, presentations, databases and etc. However while most of them use the old and tested strategy of blackmail tactics to enable the execution of an infection sequence, security researchers uncovered another efficient tactic. It involves the use of an old Microsoft Office feature which can be used to deliver viruses of all kinds as well.
The newly devised tactic takes advantage of a function called Dynamic Data Exchange which executes code on the target computers. It has been devised by Microsoft to place data from one document to another via a code injection. Such case scenarios are used to dynamically update fields with data in corporate environments where such files can be linked over a network connection.
DDE Feature in Microsoft Office Can Deliver Viruses
The DDE can be abused not just to swap data between the Microsoft Office applications but also to execute commands via a prompt. The security researchers uncovered that not only the feature allows for executable files to be run on the victim computers ,but also the notification prompts to be suppressed and replaced with a non-alarming generic messages. This attack scenario is also different from the well-known macro payloads as most of the DDE procedures are not scanned by most anti-virus products.
DDE’s abuse by criminals however has already been reported. Last year a criminal collective used a DDE infection as part of a complex multistage virus attack. The researchers who analyzed the infections and the made the vulnerability assessment reported that the DDE was specifically implemented to bypass anti-virus detection. At the moment computer criminals have not yet used this attack as a single source of attacks. We presume that once again it will be used in a complex sequence delivering different malware types.
The researchers that announced the discovery note that when they reported the security issue to Microsoft the company responded that the security implications are not of immediate concern and will be considered for an update when a next major version is being developed.
Computer users can protect themselves from such malware attacks by downloading and utilizing a quality anti-spyware solution. It can effectively remove active infections with a few mouse clicks.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: