Lead Image © wamsler, 123RF.com

Protect yourself from infected MS Office files

Office Attacks

Attacks based on Office files have increased rapidly in the past few months. They seem to be far less harmless than ZIP or even EXE files in your mailbox, but when combined with a meaningfully worded email, users are too easily tempted to open the infected files. Although macros generally still need to be enabled, the Microsoft Word Intruder (MWI) attack uses unresolved vulnerabilities. Just opening the file compromises the computer.

The spread of malware or crimeware has not slowed down – on the contrary. Back in the early 1990s, the first tools that greatly facilitated the process of creating malicious code were released, opening this vector to beginners. Examples of this include the Virus Creation Laboratory (VCL) or the Phalcon-Skism Mass Produced Code Generator (PS-MPC), both still under MS-DOS. Nothing has changed here – just like then, new tools and kits are still published at regular intervals. The biggest difference compared with the 1990s is that now the kits are used for one main reason: to make money. There's a huge market in this area, and malware – or complete construction kits – are now delivered to order.

Consider, for example, the MWI exploit and crimeware kit. The "Malware Creation Kit" developed in Russia gives users the ability to manipulate Word documents so that just opening them is sufficient to infect a Windows system with malicious code. In the past, the following well-known vulnerabilities were exploited for this purpose: CVE-2012-0158, CVE-2013-3906, CVE-2014-1761 (Figure 1). Today, however, an exploit that Microsoft actually closed in April 2015 (CVE-2015-1641) that targets a vulnerability in Microsoft Office is increasingly being used.

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia