Office惊现零日漏洞 黑客可利用Word文档安装恶意软件
时间:2017-04-19 00:22:19
Online banking1 customers around the world should be on the lookout2 for scam emails that allow hackers3 to steal your passwords - and your money.
Phishing emails which claim to be from reputable financial organisations contain hidden software - designed to exploit a newly discovered flaw in Microsoft Word.
Documents opened with the word processing software may trick users into downloading code that allows cyber criminals to infect their computer and capture banking logins.
Cyber security firm Proofpoint warned that the exploit was being used to spread the trojan software - called Dridex.
Office惊现零日漏洞 黑客可利用Word文档安装恶意软件
Dridex has
previously4 been used to steal online banking passwords globally, resulting in the theft of hundreds of millions of dollars worldwide.
During an outbreak of the virus in 2015, the US was most heavily
affected5 according to computer security firm Symantec.
This was followed by Japan and Germany, with significant numbers of infections also seen in the UK, Canada, Australia, and a number of other European countries.
The latest email campaign started in Australia, but experts are warning this could quickly spread to the rest of the world.
The exploit targets a previously undiscovered flaw - known in security circles as a 'zero-day' vulnerability - in the software.
This allows hackers to insert
malicious6 code into the body of a document - in this case fake RTF files (Rich Text Format) which are actually disguised HTML code.