The Latest in IT Security

An (un)documented Word feature abused by attackers

18
Sep
2017
An (un)documented Word feature abused by attackers

6989426970_2257f42705_c

A little while back we were investigating the malicious activities of the Freakyshelly targeted attack and came across spear phishing emails that had some interesting documents attached to them. They were in OLE2 format and contained no macros, exploits or any other active content. However, a close inspection revealed that they contained several links to PHP scripts located on third-party web resources. When we attempted to open these files in Microsoft Word, we found that the application addressed one of the links. As a result, the attackers received information about the software installed on the computer.

Read More

Leave a reply


Categories

MONDAY, SEPTEMBER 24, 2018

Featured

Archives

Latest Comments

Social Networks