TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Microsoft Word Intruder: Malware with a difference

The programs used to create malicious documents that exploit vulnerabilities in Office applications such as Word are now being advertised in underground forums. One such new tool that has recently come up offers the ability to track the effectiveness of campaigns. Microsoft Word Intruder (MWI)as the program is known, is advertised as an “APT” tool to be used in targeted attacks.

MWI

Microsoft Word Intruder

Reports suggests Microsoft Word Intruder, is likely developed somewhere in Russia and accompanied by a statistics package known as “MWISTAT” that allows operators to track various campaigns. It is advertised on the underground by an individual who goes by the handle Objekt.

How does the program work? Microsoft Word Intruder generates Rich Text Format (RTF) documents that are booby-trapped to exploit vulnerabilities in Microsoft Word. The most recent version of the program is capable of delivering multiple vulnerabilities in the same document, piled up one after another.

FireEye reports, samples of MWI produced since December 2014 include a special tracking feature called MWISTAT, which embeds a distinctive URL in the generated RTFs. It’s particularly noteworthy to mention here that malware delivered in booby-trapped Office files tends to fall into two categories:

Droppers

This includes one or more encoded malware programs (EXE files) as data that are unscrambled and written directly to disk during the infection process. This means that once you have received the booby-trapped file via medium such as an email or other message, you already have all components of the final malware available locally and the infection can infiltrate even if you are offline.

Downloaders

It contains a URL from which the final infectious malware payload is downloaded and installed, leaving you clueless about exactly what malware the booby-trapped files might deliver. The case is so because, the attackers can vary the download at will.

Much like Browser Exploit Kits, this tool Microsoft Word Intruder, lets even the minimal technically qualified, access Document Exploit kits, by allowing them to purchase them.

Published on Tags: ,

HemantSaxena@TWCN

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap