Microsoft Malware Protection Centre (MMPC) issued a warning Tuesday regarding a malware attack linked to Black Friday. In a tweet, it identified a malicious document called “eMAG- Catalog Oferta Black Friday2017.doc” as the threat.
Apparently, this document would try to exploit DDE so that it could run a remote HTML application. DDE refers to Dynamic Data Exchange, a mode of interprocess communication used by the Windows operating systems. Using DDE, a program could access items made available by a different program. For instance, a program could access a single cell in an MS Excel spreadsheet used by another program. Using DDE, the first program could even get notified whenever a change is made in that particular cell.
Though other modes of interprocess communication, like Object Linking and Embedding (OLE), are also used in computing, DDE is frequently used because of its simplicity. This means the malware threat Microsoft warned about could affect a wide digital landscape.
Microsoft clarified that the use of HTA (HTML Application) in the new malware is different from previous DDE-based malware that used PowerShell. (PowerShell refers to the task automation and configuration framework created by Microsoft. It also has an allied coding language that was made open source in August 2016.)
But the new malware uses a different strategy: it links to a URL that has the word “test” in it. According to MMPC, this link currently remains inaccessible. Microsoft’s current theory is that cybercriminals would distribute a functional version of the malware using a spam campaign in the days immediately prior to Black Friday. The company said that the Windows Defender AV would detect the malware as “Exploit:097M/DDEDownloader.E.” but it said nothing about whether other antivirus programs would be able to spot it too.
So, come Black Friday, shop to your heart’s content but be on the lookout for this particular threat on your digital devices.
BY DHINOJ DINGS ON 11/21/17 AT 11:36 PM