The Microsoft security team is warning of a new spam campaign in which attackers distribute malicious RTF documents that infect users when they open such a file.
According to experts, the criminals behind this operation exploit an Office vulnerability. Microsoft noted that users are in the cybercriminals' crosshairs, since the malicious emails are written in various European languages.
“In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload. The backdoor payload then tries to connect to a malicious domain that’s currently down,” said the Microsoft Security Intelligence team.
The final malicious component is a backdoor that communicates with a command-and-control (C&C) server. The attackers' C&C server does not appear to be functioning at present; its activity ceased after Microsoft published its warning on Friday. However, experts caution users that new waves of this malicious activity are possible, in which attackers will exploit the same vulnerability and use similar attack schemes.
The good news is that users can defend themselves against these attacks, and doing so is simple: install the update released by Microsoft in November 2017.