Microsoft may soon have to reflect on its stance that the use of an Office feature called DDE to execute code on compromised computers doesn’t merit a patch.
The SANS Internet Storm Center last night said the Necurs botnet has been spreading Locky ransomware using the DDE attack. Handler Brad Duncan said he had access to several dozen emails that are part of a spam campaign moving the ransomware. The emails contain one of three distinct Word document attachments spreading the malware and opting for the DDE technique rather than macros, which for more than a year have been the preferred means of downloading malware from a remote server.
Leave a reply