A legitimate feature in Microsoft Office that allows Word to load data from other documents is being exploited to push a new variant of the Locky ransomware. Victims are reportedly targeted with malspam messages via the infamous Necurs botnet.
Under the subject line “Emailed Invoice” followed by a string of random numbers, the malspam attack leverages Microsoft Dynamic Data Exchange (DDE). Distributed with the aid of the Necurs botnet, the exploit makes Microsoft Word display dialog messages that some users might dismiss reflexively, even though the dialogs contain security warnings.
Leave a reply