Microsoft Office Vulnerabilities Targeted by Zyklon Malware to Steal Passwords
http://news.softpedia.com/news/microsoft...9443.shtml

Spam campaign aimed at three different Office flaws
Jan 18, 2018 09:03 GMT  ·  By Bogdan Popa
Unpatched computers running the Microsoft Office productivity suite are now being targeted by a wave of attacks based on the Zyklon malware, which can steal passwords and cryptocurrency wallet data.

Security company FireEye warns that these attacks are aimed at three different Office vulnerabilities, two of which have already been patched by Microsoft.

The first flaw is a .NET framework bug detailed in CVE-2017-8759, which Microsoft fixed in October. The second is a remote code execution bug in the Microsoft Equation Editor (CVE-2017-11882) that was patched in November, while the third is an overly-discussed issue in Dynamic Data Exchange (DDE).

Microsoft says this third bug isn’t a security vulnerability per se and a patch is not required; instead, the company published information on how to remain protected when this feature is used.

FireEye says the attacks are carried out through emails that contain compromised DOC files trying to exploit the said vulnerabilities. Once launched, the document infects the host, allowing attackers to use all capabilities of the Zyklon malware, including stealing passwords stored in browsers and FTP connections, recovering gaming keys, and harvesting licenses for software developed by Adobe and Microsoft.

Attacks aimed at three different industries
Additionally, the malware can hijack the clipboard and steal Bitcoin data and can also set up a SOCKS5 server on the infected computer.

Zyklon was first detected in early 2016, but FireEye says most of the attacks are now aimed at three different industries, namely telecommunications, insurance, and financial services.

“The malware may communicate with its command and control (C2) server over The Onion Router (Tor) network if configured to do so. The malware can download several plugins, some of which include features such as cryptocurrency mining and password recovery, from browsers and email software. Zyklon also provides a very efficient mechanism to monitor the spread and impact,” the company says.

Staying protected shouldn’t be too hard because patches are already available, but users are also advised to avoid opening documents from untrusted sources and to keep security solutions up-to-date with the latest virus definitions.
