Dridex gang uses unpatched Microsoft Word exploit to target millions

An email spam campaign distributed malicious Word documents that exploited an unpatched flaw to install the Dridex banking trojan

The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users.

The exploit's existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee's limited public disclosure, researchers from FireEye confirmed having tracked the attacks for several weeks as well.

The exploit takes advantage of a logic bug in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. It allows attackers to embed malicious code inside of Microsoft Word documents, with the code automatically executed when those files are opened.

Even though security researchers have not disclosed specific details about the vulnerability, it seems that mere knowledge of the exploit's existence was enough for cybercriminals to track it down and reverse engineer it.

On Monday, the Dridex gang launched an email spam campaign that distributed malicious documents exploiting this flaw to millions of users, primarily within organizations in Australia, security vendor Proofpoint reported.

"This represents a significant level of agility and innovation for Dridex actors who have primarily relied on macro-laden documents attached to emails," the Proofpoint researchers said in a blog post. "This is the first campaign we have observed that leverages the newly disclosed Microsoft zero-day."

Until now, the Dridex campaigns have relied on rogue documents with malicious macros that required user interaction to actually execute. The new Word exploit makes their infection campaign much more dangerous and more likely to succeed.

The use of previously undisclosed, zero-day exploits is typically associated with cyberespionage -- targeted attacks against a limited number of victims. This is because such exploits are valuable resources, and attackers try to benefit from them for as long as possible. Using zero-day exploits in widespread campaigns would significantly increase the chance of security companies discovering them and vendors patching the flaws.

Dridex first appeared back in 2014 and is currently one of the most prevalent computer trojans targeting online banking accounts. It can steal login credentials and inject content directly into banking websites opened on infected machines.

Microsoft plans to patch the vulnerability exploited in this attack on Tuesday, a Microsoft representative said in an emailed statement. "Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."

Security vendors have also recommended that Microsoft Word users enable the Protected View mode, which can block this exploit from working.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?