Wednesday, November 22, 2017

Microsoft Issues Black Friday Malware Warning: What You Need To Know

The Microsoft Malware Protection Center (MMPC) issued a warning Tuesday regarding a malware attack linked to Black Friday. In a tweet, it named a malicious document called “eMAG- Catalog Oferta Black Friday2017.doc” as the threat.

Apparently, this document would try to exploit DDE so that it could run a remote HTML application. DDE refers to Dynamic Data Exchange, a mode of interprocess communication used by the Windows operating systems. Using DDE, a program could access items made available by a different program. For instance, a program could access a single cell in an MS Excel spreadsheet used by another program. Using DDE, the first program could even get notified whenever a change is made in that particular cell.

Though other modes of interprocess communication, like Object Linking and Embedding (OLE), are also used in computing, DDE is frequently used because of its simplicity. This means the malware threat Microsoft warned about could affect a wide digital landscape.

Microsoft clarified that the use of HTA (HTML Application) in the new malware is different from previous DDE-based malware that used PowerShell. (PowerShell refers to the task automation and configuration framework created by Microsoft. It also has an allied coding language that was made open source in August 2016.)

But the new malware uses a different strategy: it links to a URL that has the word “test” in it. According to MMPC, this link currently remains inaccessible. Microsoft’s current theory is that cybercriminals would distribute a functional version of the malware using a spam campaign in the days immediately prior to Black Friday. The company said that Windows Defender AV would detect the malware as “Exploit:097M/DDEDownloader.E.” but it said nothing about whether other antivirus programs would be able to spot it too.

So, come Black Friday, shop to your heart’s content, but be on the lookout for this particular threat on your digital devices.

BY DHINOJ DINGS ON 11/21/17 AT 11:36 PM
