Saturday, April 15, 2017

CST 373 Week 7

Scrapbook 7 - Cleverly Hidden Hacks

Booby-trapped Word documents in the wild exploit critical Microsoft 0-day by Dan Goodin of Ars Technica (PDF archive)

Summary

Initially reported by the security firm McAfee, a new 0-day attack was found that targeted Microsoft Word users. The attack was executed by the attacker emailing a malicious Word document to the targeted party or parties. When the Word document was opened, it connected to a remote server and downloaded an HTML Application (.hta) file disguised as a Microsoft Rich Text Format document; because .hta files are executable, the file then ran. This is what gave the attackers complete access to the victim's machine. Their tracks were covered by opening another normal-looking Word document once the code had finished executing. The executed code downloaded malware from various "well-known malware families." Reportedly, the first known attack was in January of this year (~4 months ago).

Reason Chosen

I find the idea of these commands, or similar, being run on my own computer based on my own actions unnerving and horrifying. It's also really interesting how clever the people that set up these attacks are. It's additionally notable, and a good reminder, that no matter the size and reputation of a company, they are not immune to these kinds of vulnerabilities.

Ethical Implications and Personal and Social Values at Stake

This attack worked on Windows 10, which is supposed to be the most secure Microsoft operating system to date. Using this operating system may make users more comfortable downloading unknown attachments from people on the internet. However, it is now the recipient's job to stay alert and not trust anything sent by email. This can be a lot of pressure for those who use a computer and email with the assumption that nothing is going to target them directly. It may additionally be a burden for those who aren't familiar with, or are unaware of, these kinds of attacks.

According to this article, Microsoft Word has a Protected View option that does not allow the initial connection to be made and would prevent this attack from happening. It sounds like the best option, even after the patch has been applied to one's computer, is to always default to opening new documents with this feature enabled.
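As an added example (not from the article), the following PowerShell script audits whether Word's Protected View is still enabled for the three document sources it covers, and optionally turns it back on. It assumes Office version 16.0 and the per-user registry path that Word uses for these settings; a Group Policy value under HKCU:\Software\Policies\... would override what is shown here.

```powershell
# Added example: audit (and optionally restore) Word Protected View for the current user.
# Assumption: Office 16.0 (2016/2019/365). Change $Version for other releases.
param([switch]$Remediate)

$Version = '16.0'
$Path = "HKCU:\Software\Microsoft\Office\$Version\Word\Security\ProtectedView"

# Each value, when set to 1, turns Protected View OFF for that source of documents.
$Checks = [ordered]@{
    'DisableInternetFilesInPV'   = 'files originating from the internet'
    'DisableAttachmentsInPV'     = 'Outlook attachments'
    'DisableUnsafeLocationsInPV' = 'files in potentially unsafe locations'
}

$props = if (Test-Path $Path) { Get-ItemProperty -Path $Path } else { $null }
$weak = 0

foreach ($name in $Checks.Keys) {
    $value = if ($props) { $props.$name } else { $null }
    if ($value -eq 1) {
        $weak++
        Write-Warning "Protected View is DISABLED for $($Checks[$name]) ($name = 1)"
        if ($Remediate) {
            # 0 (or an absent value) means Protected View is on for that source.
            Set-ItemProperty -Path $Path -Name $name -Value 0 -Type DWord
            Write-Output "  -> re-enabled ($name = 0)"
        }
    } else {
        Write-Output "Protected View is enabled for $($Checks[$name])"
    }
}

if ($weak -eq 0) { Write-Output 'All Protected View sources are enabled.' }
```

Run it without switches to report, or with `-Remediate` to reset any disabled source to the safe value; Word must be restarted for the change to take effect.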

Source Credibility

Ars Technica is a publication geared toward those interested in technology. It was started in the late 1990s and has become a trusted source for technology and related policy news. Ars Technica was acquired by Advance, the parent company of Conde Nast, in 2008 and has since expanded to the UK.

Dan Goodin works as Security Editor for Ars Technica. He holds a master's degree in journalism from UC Berkeley and has been working in journalism for the last 15 years.
