On June 7, security researchers at Microsoft issued a warning about a spam email campaign spreading malicious documents.
The spam emails have been found carrying malicious RTF documents that automatically run malicious code without requiring user interaction.
Microsoft warned that the campaign appears to target European users, as the emails are sent in European languages.
The Microsoft Security Intelligence team tweeted:
“In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload. The backdoor payload then tries to connect to a malicious domain that’s currently down.”
The vulnerability, CVE-2017-11882, was fixed in 2017; however, the exploit is still observed in attacks to this day. Because the initial infection vector was patched in November 2017, users who applied the November 2017 patch should be safe.
Exploiting CVE-2017-11882 is a popular tactic among hacker groups engaged in highly targeted attacks, including espionage.