Attackers are always active and never miss a chance to go after a valuable target, and the tug of war between the Dridex Trojan and Microsoft Office is a standing example. In its latest attacks Dridex uses a new zero-day exploit that makes the threat harder for the ordinary computer user to avoid. The attack arrives as spam email carrying malicious Microsoft Word attachments that abuse a flaw in the way Microsoft Office handles OLE2Link objects.
Microsoft OLE2Link Object : An OLE2Link object is a linked OLE object embedded in an Office document. The flaw in how Office handles it allows an unauthenticated remote attacker to execute arbitrary code on the victim's system.
According to cyber security researchers, this Dridex attack is effective enough to slip past most security scanners. Dridex itself is nothing new, even though Microsoft has needed time to close this hole: the "financial banking Trojan" was first observed in July 2014 and was most active through 2014 and 2015. Recently, however, it has been seen using a new zero-day exploit that makes it even more noxious. Multiple reports describe the exploit, which affects almost every version of Microsoft Word. Unsolicited emails were delivered to millions of recipients across numerous organizations. According to Proofpoint, this represents a significant level of activity and innovation for the Dridex actors, who until now have relied on macro-laden documents attached to emails.
Macro-laden : A macro-laden document carries malicious Office macros that run once the recipient enables them, as in the Japanese malspam campaigns that deliver the Gozi/ISFB/Ursnif banking Trojan.
The campaign still leans on the human factor, that is, the tendency of people to click on and install malicious software or unwanted programs on their devices. Social engineering remains a key trend in today's threat landscape, and attackers make opportunistic use of whatever tools are available to spread malware effectively and efficiently. Proofpoint reports that this is the first campaign it has seen exploit the newly disclosed Microsoft zero-day, which is why the Dridex operators adopted it for their latest attacks.
In a test, a system was exploited simply by opening the document in Office 2010. When the document opened, it displayed a dialogue box asking: "This document contains links that may refer to other files. Do you want to update this document with the data from the linked files?"
According to the experts, reaching this dialogue box was already enough to bring in the Dridex malware: there was no need to choose "Yes" or otherwise confirm the dialogue, because the exploit fires before the user answers it.
A new report on analysis by FireEye researchers says the attack involves a Microsoft Office RTF document with an embedded OLE2Link object.
“When the document is opened by the user, winword.exe issues an HTTP request to a remote server to retrieve a malicious .hta file. This .hta file appears as a fake RTF file.”
Until now, Dridex was a strain of banking Trojan that relied only on Microsoft Office macros to infect systems. In its latest attacks it uses the new zero-day exploit instead, which affects every current version of Microsoft Office on every Windows OS, including Microsoft Office 2016 running on Windows 10.
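The FireEye description above (an RTF document whose embedded OLE2Link object makes winword.exe fetch a remote .hta file) can be turned into a simple triage check. The scanner below is an added example written for this article; it is not FireEye's, Proofpoint's or Microsoft's code. It hex-decodes the RTF `\objdata` payload and flags a document that combines the `\objautlink` and `\objupdate` control words with an "OLE2Link" class name, the standard COM URL moniker CLSID, or a UTF-16LE encoded http(s) URL inside the object. The sample RTF and the object blob inside it are constructed and simplified for the demonstration (real samples carry more OLE structure and are often obfuscated); the URL and function names are assumptions.

```python
"""Triage an RTF file for an auto-updating OLE2Link object that points at a URL.

Added example for this article, not vendor tooling. Heuristic only: a document
is flagged when it carries \\objautlink and \\objupdate and its \\objdata blob
shows signs of a remote link (OLE2Link class name, URL moniker CLSID or an
http(s) URL stored as UTF-16LE).
"""
import binascii
import re
import uuid
from typing import Dict, List

# Standard COM class identifier of the URL moniker, stored little-endian in OLE data.
URL_MONIKER_CLSID = uuid.UUID("79EAC9E0-BAF9-11CE-8C82-00AA004BA90B").bytes_le

OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
# "http://" or "https://" followed by printable ASCII, each character padded with \x00.
URL_UTF16_RE = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[!-~]\x00)+")


def extract_objdata(rtf: bytes) -> List[bytes]:
    """Hex-decode every \\objdata payload found in the RTF text."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        if len(hexstr) % 2:  # tolerate a dangling nibble in mangled samples
            hexstr = hexstr[:-1]
        try:
            blobs.append(binascii.unhexlify(hexstr))
        except binascii.Error:
            continue
    return blobs


def scan_rtf(rtf: bytes) -> Dict[str, object]:
    """Return the indicators found plus an overall 'suspicious' verdict."""
    urls: List[str] = []
    ole2link = False
    url_moniker = False
    for blob in extract_objdata(rtf):
        ole2link |= b"OLE2Link" in blob
        url_moniker |= URL_MONIKER_CLSID in blob
        for m in URL_UTF16_RE.finditer(blob):
            urls.append(m.group(0).decode("utf-16-le"))
    autlink = b"\\objautlink" in rtf
    update = b"\\objupdate" in rtf
    # Auto-updating link plus a remote target is the pattern the article describes.
    suspicious = autlink and update and (url_moniker or ole2link or bool(urls))
    return {
        "objautlink": autlink,
        "objupdate": update,
        "ole2link": ole2link,
        "url_moniker": url_moniker,
        "urls": urls,
        "suspicious": suspicious,
    }


def _build_objdata(url: str) -> bytes:
    """Constructed, simplified stand-in for the OLE1 wrapper of a linked object."""
    cls = b"OLE2Link\x00"
    body = (
        b"\x01\x05\x00\x00"                      # OLE version
        + b"\x02\x00\x00\x00"                    # format id
        + len(cls).to_bytes(4, "little") + cls   # class name
        + URL_MONIKER_CLSID                      # moniker type
        + url.encode("utf-16-le") + b"\x00\x00"  # link target (assumed URL)
    )
    return binascii.hexlify(body)


# Constructed samples: one mimicking the malicious layout, one plain embedded object.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\n"
    b"{\\object\\objautlink\\objupdate\\rsltpict\\objw1\\objh1\n"
    b"{\\*\\objclass Word.Document.8}\n"
    b"{\\*\\objdata " + _build_objdata("http://example.com/template.hta") + b"}\n"
    b"}}"
)
BENIGN_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb\\objw1\\objh1{\\*\\objclass Excel.Sheet.8}"
    b"{\\*\\objdata "
    + binascii.hexlify(b"\x01\x05\x00\x00\x02\x00\x00\x00\x0e\x00\x00\x00Excel.Sheet.8\x00")
    + b"}}}"
)

if __name__ == "__main__":
    for name, doc in (("sample", SAMPLE_RTF), ("benign", BENIGN_RTF)):
        print(name, scan_rtf(doc))
```

The verdict is deliberately conservative: an `\objautlink` without `\objupdate` prompts the user exactly as the dialogue box above does, whereas the combination of both, plus a URL in the object, is what makes the document fetch its payload as soon as it is opened. Real-world samples pad or split the hex and hide the control words, so treat this as a first-pass filter, not a replacement for a proper RTF parser.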
Related Source : Dridex Trojan Uses New Zero-Day Exploit in Latest Attacks , Dridex Trojan, Zero-Day Exploit