Oh my Microsoft Word: Dridex hackers exploit unpatched flaw

Banking trojan-proofing will take place later today

Cybercrooks are actively exploiting an unpatched Microsoft Word vulnerability to distribute the Dridex banking trojan, claim researchers.

Booby-trapped emails designed to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint.

The switch to document exploits by the hackers represents a change of tactics by a group that previously leaned heavily on malicious macros to distribute their wares.

The Word document exploit at the centre of the attack was only discovered last week, so its abuse represents a rapid weaponizisation of the exploit.

FireEye researchers who discovered a bug in Word's Object Linking and Embedding technology were working with Microsoft, but were pre-empted by a disclosure from McAfee, as previously reported.

An update addressing the flaw is anticipated in April's edition of Redmond's Patch Tuesday later today. A Microsoft spokesman told the BBC: "We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically."

Sherrod DeGrippo, director of emerging threats at Proofpoint, commented: "Although attacks relying on document exploits are increasingly uncommon, they certainly remain in attackers' toolkits. New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit." ®


Biting the hand that feeds IT © 1998–2017