Old Microsoft Office Feature Can Be Used To Launch Virus Attacks

Old Microsoft Office Feature Can Be Used to Launch Virus Attacks

Microsoft Office image

An old Microsoft Office can be used as an effective way to launch malware attacks against users worldwide. The discovery has been made by a team of security researchers that identified the hacker strategy.

Related Story: Hackers Devise Microsoft Office Infections via CVE-2017-0199 Exploit

Old Microsoft Office Feature Capable of Attacking Computers

One of the most popular tactics of distributing malware of all kinds is the use of infected documents. The majority of cases abuse macros scripts that are bundled in the most popular file formats and document types ‒ spreadsheets, rich text documents, presentations, databases and etc. However while most of them use the old and tested strategy of blackmail tactics to enable the execution of an infection sequence, security researchers uncovered another efficient tactic. It involves the use of an old Microsoft Office feature which can be used to deliver viruses of all kinds as well.

The newly devised tactic takes advantage of a function called Dynamic Data Exchange which executes code on the target computers. It has been devised by Microsoft to place data from one document to another via a code injection. Such case scenarios are used to dynamically update fields with data in corporate environments where such files can be linked over a network connection.

Related Story: Windows Defender Antivirus Bypass Technique Identified

DDE Feature in Microsoft Office Can Deliver Viruses

The DDE can be abused not just to swap data between the Microsoft Office applications but also to execute commands via a prompt. The security researchers uncovered that not only the feature allows for executable files to be run on the victim computers ,but also the notification prompts to be suppressed and replaced with a non-alarming generic messages. This attack scenario is also different from the well-known macro payloads as most of the DDE procedures are not scanned by most anti-virus products.

DDE’s abuse by criminals however has already been reported. Last year a criminal collective used a DDE infection as part of a complex multistage virus attack. The researchers who analyzed the infections and the made the vulnerability assessment reported that the DDE was specifically implemented to bypass anti-virus detection. At the moment computer criminals have not yet used this attack as a single source of attacks. We presume that once again it will be used in a complex sequence delivering different malware types.

The researchers that announced the discovery note that when they reported the security issue to Microsoft the company responded that the security implications are not of immediate concern and will be considered for an update when a next major version is being developed.

Computer users can protect themselves from such malware attacks by downloading and utilizing a quality anti-spyware solution. It can effectively remove active infections with a few mouse clicks.

Download

Malware Removal Tool


Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...