Upon exploitation, the malicious document then calls Windows Command Line which then calls msiexec.exe to download and silently install a malicious backdoor into the victims’ computer. The document tries hard to look like an invoice, but the embedded equation object (See Figure 13) stands out due to it having no value. In this case, they claim it to be from H&B Wire Fabrications ltd saying that a user has a remittance document. The rest of the scheme is rather predictable: Malware authors start by sending an email with a convincing argument that tricks users into opening a malicious attachment. By inserting a Microsoft Equation 3.0 object into the document (See Figures 10 and 11), users can create an equation such as (x+a)^n=∑_(k=0)^n▒〖(n¦k) x^k a^(n-k) 〗 which would be difficult using the normal character set of Microsoft Word. The embedded equation object does not have any values (Click to enlarge)ĬVE-2017-11882 comes in second and it relies on the Microsoft Equation 3.0 which allows user to create equations using known mathematical notation. This has far-reaching implications: Malware authors can create a document file capable of downloading and executing a file when it is opened and macros are enabled by the user. VBA therefore is capable of launching other applications on the host computer (see code listing below) or simply created dialog boxes. The introduction of Macros, also known as Visual Basic for Applications (VBA), gave users the power and the flexibility to create custom solutions. By 1994, had cornered 90 percent of the word processor market, making Microsoft Word a permanent fixture on most computers. Microsoft Word is one of the most recognizable products as far as Word Processors go, with a user base of well over 100 million commercial users as well as more than 27 million consumers for home and personal devices.Įven back in the 1990s, it was able to overcome its competitors like WordStar and WordPerfect by introducing features that would enhance the user experience when it comes to browsing and editing documents. With that in mind, let us look into one of the products that malware authors prefer to abuse when it comes to deploying malware: Microsoft Word. This is especially true if the job of that person includes opening and reviewing multiple documents (such as resumes or invoices) from their email inbox. They understand that the most sophisticated security system does not completely guarantee protection for the user. Why force your way into a house when you can trick the owner into letting you in? This concept has always been used by malware authors to gain access into their victims' computers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |