On June 7, security researchers at Microsoft issued a warning about a spam email campaign spreading malicious documents.

The spam emails have been found carrying malicious RTF documents that automatically run malicious code without requiring user interaction.

Microsoft warned that the campaign appears to target European users, as the emails are sent in European languages.

The Microsoft Security Intelligence team tweeted:

“In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload. The backdoor payload then tries to connect to a malicious domain that’s currently down.”

The vulnerability, CVE-2017-11882, was fixed in 2017; however, the exploit is still observed in attacks to this day. Because the initial infection vector was patched back in November 2017, users who applied the November 2017 patch should be safe.

Exploiting CVE-2017-11882 is a popular tactic among hacker groups engaging in highly targeted attacks, including espionage.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

