Malware is malicious software designed to damage your computer system. Depending on how it is designed, it can directly carry out DDoS attacks or steal passwords, keys or bitcoin wallets.
This malware has resurfaced after almost two years and is more powerful than before. It is fully featured and capable of spreading numerous other malware families. It is an advanced botnet malware that communicates with its command and control servers over an anonymity network such as Tor. It has been active since 2016 and has been targeting telecommunication companies, insurance companies, IT companies and financial services firms.
What can this malware do?
- steal passwords stored in browsers or email clients;
- steal sensitive data, keylogs and cryptocurrency wallets;
- carry out DoS or DDoS attacks;
- execute additional plugins;
- deliver additional malware, or spread it through spam mails;
- mine cryptocurrency.
According to a report published by FireEye, this malware campaign exploits three vulnerabilities in MS Office:
- .NET Framework remote code execution (RCE) vulnerability: Microsoft had already released a patch for this in September, but it has not yet been applied everywhere. The flaw occurs when the .NET Framework processes untrusted input without proper validation, giving the attacker control of the infected system.
- Dynamic Data Exchange (DDE) protocol: this attack abuses a built-in feature of Microsoft Office, allowing the attacker to execute code without macros being enabled.
- Microsoft Office RCE vulnerability: an older vulnerability that Microsoft patched in November, in which an attacker can execute malicious code without any user interaction.
How prone are you?
This malware campaign spreads through phishing emails carrying an attachment: either a Microsoft Word .doc file or a ZIP archive containing several .doc files. If a curious user opens it, the document exploits the Microsoft vulnerabilities above and runs a PowerShell-based payload to infect the system.
The best practice to protect your organization, or just your own system, is to be cautious about phishing mail and spam. You may inspect the mail, but do not open any unexpected attachment sent via email.
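The DDE abuse listed above and the Word or ZIP attachments described in this paragraph are something a mail gateway can check for before a user ever clicks. The following is an added example, not code from the original article or from FireEye's report: it scans a Word attachment, or a ZIP of attachments, for DDE field codes in OOXML (.docx/.docm) packages; the legacy binary .doc format is out of scope here, and the sample document, file names and field code are constructed.

```python
import io
import re
import zipfile

# In an OOXML (.docx/.docm) package, Word field codes sit in word/document.xml as
# <w:instrText> runs (often split into several runs) or as <w:fldSimple w:instr="...">
# elements. Legacy binary .doc (OLE) files store fields differently and are not parsed here.
_INSTR_RE = re.compile(r"<w:instrText[^>]*>(.*?)</w:instrText>", re.DOTALL)
_SIMPLE_RE = re.compile(r'<w:fldSimple[^>]*w:instr="([^"]*)"')
_DDE_RE = re.compile(r"\bDDE(AUTO)?\b", re.IGNORECASE)

def zip_files(files: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

def find_dde_fields(docx_bytes: bytes) -> list:
    """Return every field code in a .docx that invokes DDE (whitespace normalised)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        if "word/document.xml" not in pkg.namelist():
            return []
        xml = pkg.read("word/document.xml").decode("utf-8", errors="replace")
    hits = []
    for para in re.findall(r"<w:p\b.*?</w:p>", xml, re.DOTALL):  # one paragraph at a time
        code = "".join(_INSTR_RE.findall(para)) + " " + " ".join(_SIMPLE_RE.findall(para))
        if _DDE_RE.search(code):
            hits.append(" ".join(code.split()))
    return hits

def scan_attachment(filename: str, data: bytes) -> dict:
    """Map each Word file (direct, or inside a ZIP attachment) to its DDE field codes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "word/document.xml" in z.namelist():
            return {filename: find_dde_fields(data)}
        return {f"{filename}/{n}": find_dde_fields(z.read(n))
                for n in z.namelist() if n.lower().endswith((".docx", ".docm"))}

def build_sample_docx(field_code: str) -> bytes:
    """Constructed minimal .docx with one field code split over two runs (sample input)."""
    xml = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
           '<w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
           f'<w:r><w:instrText xml:space="preserve">{field_code[:7]}</w:instrText></w:r>'
           f'<w:r><w:instrText xml:space="preserve">{field_code[7:]}</w:instrText></w:r>'
           '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>')
    return zip_files({"[Content_Types].xml": "<Types/>", "word/document.xml": xml})
```

A non-empty result for an inbound attachment is a reason to quarantine the mail rather than deliver it, since a legitimate document rarely needs a DDE field at all.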
THINK BEFORE YOU CLICK!