There is a fresh email spam/malware campaign currently out that targets Microsoft Office and Microsoft Windows through a vulnerability that dates back to 2000. This vulnerability, CVE-2017-11882, was fixed in 2017, but unpatched systems are still vulnerable and are being exploited today. This attack allows malicious code to run without the user’s intervention. The infected file will download multiple different types of files and connect you to the bad guys. Microsoft sent out a warning about this email campaign on Friday, June 7th, 2019.
How does it work
The attacker will send an email with an attachment and hope that the receiver opens it. The attachment will come as a Microsoft Excel document, a Word document, or an RTF document (.doc, .xls, .rtf) and, once opened, will run the malicious code on your system.
The documents will look blurry, and you will be prompted to enable content to view the content better. Once allowed, that’s when it strikes.
The payload for this specific campaign is known as a backdoor Trojan which gives the bad actors access to your computer remotely, and they can install anything and everything they’d like.
Once you are infected, the attackers will install key logging software and other software on your system in order to steal your passwords and logins. They will steal sensitive information including credit cards, social security numbers, pictures, and any other personal information they can take.
If you have already installed and applied (including a reboot) the November 2017 Microsoft patch, you’re already protected and do not have to worry about this email campaign. This is one of multiple times this exploit has been used in email/spam campaigns over the last couple of years.
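Where not every machine is confirmed to carry the November 2017 patch, incoming RTF attachments can be screened for the embedded object type this exploit depends on. The Python below is an added example, not part of the original post; it relies on the publicly documented fact that CVE-2017-11882 sits in the legacy Equation Editor OLE component (ProgID Equation.3). The function names and the two sample documents are constructed for illustration, and .doc and .xls files are out of its scope.

```python
import re
import uuid

# Identifiers of the legacy Equation Editor OLE object (the component that
# CVE-2017-11882 affects). Both are public, well-known values.
EQUATION_PROGID = b"equation.3"
EQUATION_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le

OBJCLASS = re.compile(rb"\\objclass\s+([^{}\s\\]+)", re.I)
OBJDATA = re.compile(rb"\\objdata([^{}]*)", re.I)
CONTROL_WORD = re.compile(rb"\\[a-z]+-?\d* ?", re.I)

def decode_objdata(blob: bytes) -> bytes:
    """Turn an \\objdata hex run into bytes, skipping line breaks and control words."""
    digits = re.sub(rb"[^0-9a-fA-F]", b"", CONTROL_WORD.sub(b"", blob))
    return bytes.fromhex(digits[: len(digits) // 2 * 2].decode("ascii"))

def scan_rtf(data: bytes) -> list[str]:
    """Return the reasons to quarantine this RTF; an empty list means none found."""
    if not data.lstrip().startswith(b"{\\rt"):
        return []  # not RTF, out of scope for this check
    reasons = []
    for m in OBJCLASS.finditer(data):
        if m.group(1).lower().startswith(b"equation."):
            reasons.append("objclass " + m.group(1).decode("latin-1"))
    for m in OBJDATA.finditer(data):
        payload = decode_objdata(m.group(1))
        if EQUATION_PROGID in payload.lower():
            reasons.append("objdata ProgID Equation.3")
        if EQUATION_CLSID in payload:
            reasons.append("objdata Equation Editor CLSID")
    return reasons

def _sample(progid: bytes, declare: bool) -> bytes:
    """Constructed, harmless RTF: an OLE 1.0 header naming `progid`, no native data."""
    name = progid + b"\x00"
    ole = b"\x01\x05\x00\x00\x02\x00\x00\x00" + len(name).to_bytes(4, "little") + name
    hexed = ole.hex().encode()
    hexed = hexed[:11] + b"\r\n" + hexed[11:].upper()  # odd split, mixed case
    cls = b"{\\*\\objclass " + progid + b"}" if declare else b""
    return b"{\\rtf1\\ansi{\\object\\objemb" + cls + b"{\\*\\objdata " + hexed + b"}}}"

SAMPLE_UNDECLARED = _sample(b"Equation.3", declare=False)
SAMPLE_SPREADSHEET = _sample(b"Excel.Sheet.8", declare=True)

if __name__ == "__main__":
    for label, doc in [("undeclared", SAMPLE_UNDECLARED), ("sheet", SAMPLE_SPREADSHEET)]:
        print(label, scan_rtf(doc) or "no Equation Editor object found")
```

A hit only means the file embeds an Equation Editor object, which legitimate older documents may also do, so treat it as a reason to quarantine and review rather than as a verdict.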
How do I protect myself
There are many ways you can protect yourself from this attack, and from many other email spam attacks and malicious code. The key to protecting yourself is keeping everything up to date and keeping good antivirus software on your system.
- Install Microsoft updates on both Windows (7, 8, 10) and Microsoft Office (2010, 2013, 2016, 2019).
- Install Antivirus software on your system with good email protection.
- Have safe email and web browsing habits.
- Keep difficult passwords, not simple ones. (A simple password would be “Password1”)
Install Microsoft updates
Installing Microsoft updates can be done through your start menu under “Microsoft Update”, or it could be under “Windows Update” depending on the age of your operating system. Once you have selected one of the two options, you can then perform all of your updates. Bring your system fully up to date.
Antivirus software is one of the key items in protecting your system. All 4 of the items are important, but antivirus software is an easy way to add some automated detection to your system and allow it to passively protect you. Make sure your antivirus software is turned on and enabled, and fully updated with new definitions.
This will give you the highest chance of detecting websites and emails that are malicious. Unfortunately, antivirus software is not 100% effective, and there is always a chance you can get infected through brand new infections/malware called “Zero days”. This is why all the items above are important.
Safe email and web browsing habits require many key fundamentals
- Don’t open attachments you aren’t expecting
- This is because someone you know could be infected as well, and sending these viruses to you
- Do not click on links that go to suspicious websites.
- Do not provide usernames and passwords
There are different methodologies for keeping difficult passwords; I will go over some basics
- Include a Capital letter, Number, and a Symbol in your password
- The longer your password, the more difficult it will be to brute-force.
- Try not to use a password of a keyword about yourself. (Last name, Family member names, Pet names, Favorite colors, etc)
- Finally, my favorite is to try to make a key pass phrase (3 words together), somewhat random, that is long. Example: KitchenBabySoda9! This makes your passwords significantly more difficult to guess. (Decades instead of hours/days/weeks to break into)
How do I know if I’m infected
There is no easy way to know if you are infected by the virus (or any virus for that matter), but possible indicators include:
- Slow computer (not just old)
- Random Ads and popups
- Weird files showing up on your system
- Files that no longer work (encrypted)
- Weird emails being sent from your email address (in sent items)
In the event you do get infected, it is better to contact a professional to remove the viruses, and then to get good virus protection that you trust to help prevent it in the future. Due to the nature of viruses and malware, it is always highly recommended to wipe your computer (saving your data of course) and reinstall your applications. Sometimes you can also get lucky and antivirus software can take care of the majority of the infection.
If you have any additional questions on what to do, feel free to leave some comments below, or contact me directly and I will attempt to assist.
An active malware campaign using emails in European languages distributes RTF files that carry the CVE-2017-11882 exploit, which allows attackers to automatically run malicious code without requiring user interaction. pic.twitter.com/Ac6dYG9vvw
— Microsoft Security Intelligence (@MsftSecIntel) June 7, 2019
Although Microsoft has detected elevated spamming campaigns over the last few weeks using this specific vulnerability, there is always a risk of spam and viruses through email. Keep safe by protecting yourself in the ways above, and keep alert when opening emails and other websites. There will always be a new attack and/or malware to worry about, until next time.
If you have any questions, you disagree or want to add anything additional to help others, feel free to post below.
Also, be sure to join my Newsletter!