A large e-mail campaign spreading the Dridex trojan horse using a new Microsoft Word exploit has been detected. The threat takes advantage of a bug in Microsoft Word which enables attackers to hack a computer via an RTF type of file. These type of attacks include the concealing of malicious code. When this code is activated the virus connects to server of the cyber-criminals and then downloads the malicious files on the infected computer.
In addition to this, researchers at the company Proofpoint claim that the bug includes multiple different spam e-mails massively sent all over the world, despite the fact that the virus infected users form the southern hemisphere more.
Proofpoint have also reported that Dridex spammers previously had relied on macros and hidden documents in macros which convince victims that they need to open the attachment and look up what is In it. And the vulnerability is oriented exactly towards this type of attack, however relying on a new zero-day exploit to conduct it.
A patch has been created to fix this vulnerability, Microsoft researchers report. The patch is included in the latest Microsoft Office update and users are strongly advised to update swiftly. But since we live in a dynamic world, it is not known what types of other vulnerabilities exist out there and are yet to be discovered, so we strongly suggest all users to safely store their data in multiple copies and be extremely cautions what information they share online.