[ALERTA] New type of malware infects documents from ...

[ALERTA] New type of malware infects documents from …

November 13, 2017

If you open a Word document that shows pop-up messages you must be very careful when pressing a button to accept changes, updates, or running applications that you are not sure where they come from.

The Fancy Bear hacker group, known for its ties to Russia, has been actively exploiting a technique that allows an attacker to use Office documents to infect computers with malware.

Microsoft has released new security tips for opening Microsoft Office documents that use Dynamic Data Exchange (DDE). This is a communication technology that allows a file to execute code stored in another file, and also makes it possible for applications to send updates if new data is available.

The technique used is not new, but it has been actively being exploited again. By default, Office does not allow a document to automatically execute code from external apps, the user must allow it manually once two pop-up messages are shown.

The first message displayed by Word is for the user to allow the document to open links to other files and allow them to be updated. If the antivirus does not detect anything malicious in the document and the user opens it, it will first have to accept two requests in pop-up dialogs so that the malware can infect it. Microsoft’s advice is to be careful what we accept if we don’t know where it came from.

The second message that invites the user to allow the document to run another application.

Keep reading: Microsoft explains how to protect yourself from a new type of attack that infects Office documents

[+] Videos de nuestro canal de YouTube