Security News > 2017 > April > MS Office zero-day is used to infect users with Dridex (Help Net Security)
2017-04-11 16:40
The still unpatched MS Office zero-day vulnerability publicized by McAfee and FireEye researchers this weekend is being exploited to deliver the infamous Dridex banking malware. Exploit delivered through spam email ProofPoint researchers observed the exploit being leveraged through a spam email campaign directed at millions of recipients across numerous organizations, primarily located in Australia. “Emails in this campaign used an attached Microsoft Word RTF (Rich Text Format) document. Messages purported to be from ‘
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/UTaNVpucxZs/
Related news
- Microsoft discloses Office zero-day, still working on a patch (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)