|
|
 |
|
|
Apt attackers are increasingly using booby-trapped rtf documents by wgre ethbtn
|
|
|
Apt attackers are increasingly using booby-trapped rtf documents |
|
|
|
|
|
Business,Business News,Business Opportunities
|
|
Booby-trapped RTF documents are one of the most common types ofmalicious Microsoft Office files that are used to infect computerswith advanced persistent threats (APTs), according to securityresearchers from Trend Micro. "Taking data from exploit documents gathered last April, we can seethat the most exploited MS Office software is MS Word," said TrendMicro senior threat researcher Ryan Flores, in a blog post on Wednesday. [ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter , both from InfoWorld. ] The company's statistics show that 63 percent of the maliciousMicrosoft Office documents intercepted in April exploitedvulnerabilities in Microsoft Word. Out of those vulnerabilities, the most commonly targeted ones wereCVE-2010-3333 and CVE-2012-0158, which stem from bugs in MicrosoftWord's code for parsing Rich Text Format content.
RTF content can either be saved in a document with an .rtfextension, or can be embedded into a .doc file. In fact, manymalicious documents that exploited CVE-2010-3333 and CVE-2012-0158have had a .doc extension. The fact that the 2-year-old CVE-2010-3333 vulnerability is stillwidely exploited in attacks today shows that companies from manyindustries are failing to keep their Microsoft Office installationsup to date, Flores said. This is particularly troubling because Microsoft just patched a new Microsoft Word RTF parsing vulnerability Tuesday that could allow remote code execution. The vulnerability is identified as CVE-2012-0183 and affectsMicrosoft Office 2003 and 2007 for Windows, as well as MicrosoftOffice 2008 and 2011 for Mac OS.
Considering the attackers' rapid adoption of exploits forCVE-2012-0158, a RTF parsing vulnerability patched by Microsoft inApril, it's likely that CVE-2012-0183 will also be targeted soon. "Within a span of two weeks, CVE-2012-0158 went from zero toactually surpassing CVE-2010-3333 as the preferred exploit ofattackers," Flores said. "This just shows that the time window forpatching critical vulnerabilities is small, which requires duediligence and discipline on patch management by organizations." APT attacks that use boobytrapped documents don't only targetWindows users. Back in March, researchers from security firmAlienVault, analyzed an APT attack against Tibetan activists that exploited a vulnerability in Microsoft Office for Mac to install Mac malware.
"With the current interest being shown by cybercriminals ininfecting Macs, it would be extremely sensible for all users ofMicrosoft Office on the Mac to update their systems as a matter ofpriority," said Graham Cluley, a senior technology consultant atantivirus vendor Sophos, in a blog post on Wednesday. "Note that if you rely solely upon the Software Update featurebuilt into Mac OS X it will not update the Microsoft product,"Cluley said. Security patches for Microsoft Office for Mac aredelivered through the program's own updating mechanism. I am a professional writer from Sweaters, which contains a great deal of information about tree jewelry display , frozen cooked food, welcome to visit!
Related Articles -
tree jewelry display, frozen cooked food,
|
Rate This Article  |
|
|
|
|
|
Do you Agree or Disagree? Have a Comment? POST IT!
| Reader Opinions |
|
|
|
|
|
|
|
|
|
| Author Login |
|
|
 |
Advertiser Login
ADVERTISE HERE NOW!
Limited Time $60 Offer!
90 Days-1.5 Million Views
|
|
ALEX BELSEY
I am the editor of QUAY Magazine, a B2B publication based in the South West of the UK. I am also the...more
|
|
|
|
|
STEPHEN BYE
Stephen Bye is a fiction writer. His most recent novels are a 5-book “The Developer” series which be...more
|
|
|
|
|
PAUL PHILIPS
For more articles, blog messages & videos and a free e-book download go to www.NewParadigm.ws your p...more
|
|
|
|
|
TIM FAY
After 60-plus years of living, I am just trying to pass down some of the information that I have lea...more
|
|
|
|
|
LAURA JEEVES
At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more
|
|
|
|
|
LEVAL AINAH
I am an internet marketer and also an educator. My goal is to help others who are looking to improve...more
|
|
|
|
|
GENE MYERS
Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more
|
|
|
|
|
ADRIAN JOELE
I have been involved in nutrition and weight management for over 12 years and I like to share my kn...more
|
|
|
|
|
MICHAEL BRESCIANI
Rev Bresciani is the author of two Christian books. One book is an important and concisely written b...more
|
|
|
|
