Home Security Microsoft Word bug used to spread banking trojan

Australian users of Microsoft Word are being advised to tread with care as a zero-day that was publicised on the weekend is being used to spread the Dridex banking trojan.

Security firm Proofpoint said it had observed the document exploit, which was publicised by McAfee and FireEye, being used in a large email campaign distributing Dridex.

Proofpoint said the trojan was distributed to millions of recipients across numerous organisations in Australia, which they claimed was the primary country of this attack.

Microsoft has issued a patch for this vulnerability, the details of which were reported by iTWire on Sunday.

The bug in question allows a malicious Word document containing an OLE2link object to be executed by a system running even Windows 10. On execution, a malicious .hta file is fetched from a command server and run on the machine in question.

Screen Shot 2017 04 12 at 9.37.44 AM

The dialog box that appears when users open the document on a vulnerable system. 

Sherrod DeGrippo, director of Emerging Threats for Proofpoint, said: "Threat actors continue to demonstrate their flexibility and adaptability, rapidly taking advantage of new means of infecting users.

"Although attacks relying on document exploits are increasingly uncommon, they certainly remain in attackers' toolkits. New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit."

Microsoft also released additional updates for vulnerabilities in its products overnight, as part of its monthly security updates.


Did you know: Key business communication services may not work on the NBN?

Would your office survive without a phone, fax or email?

Avoid disruption and despair for your business.

Learn the NBN tricks and traps with your FREE 10-page NBN Business Survival Guide

The NBN Business Survival Guide answers your key questions:

· When can I get NBN?
· Will my business phones work?
· Will fax & EFTPOS be affected?
· How much will NBN cost?
· When should I start preparing?


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities