Hackers regularly adopt newer methods to gain control over a user’s machine.
How is Microsoft Word abused by hackers?
The ‘online video’ feature lets a user insert a video into a Word document without embedding the video itself. Microsoft provides the facility to keep the document size relatively small. According to the Israel-based cyber security firm Votiro, when a user attaches an online video, a webVideoPr element of type CT_WebVideoPr, which supports embedded HTML code, is loaded in the document. Because only basic security checks are applied, the loaded HTML code poses huge security risks.
Now, hackers have taken it to the next level by gaining full control of the machines. A Word document containing malicious code is delivered through spam, and its interesting topic lures the user into disabling ‘Protected View’ and clicking the video. Without the user’s knowledge, the IE frame redirects the user to the exploit-kit gate, which evaluates the machine and infects it if conditions are suitable for exploitation. An exploit kit is a malicious toolkit used to exploit security holes found in software applications for the purpose of spreading malware. If the exploit succeeds, a malware program is downloaded to the victim’s computer and executed.
The process defeats Windows Defender Exploit Guard because the exploitation is done as a separate process. Therefore, the program can be installed even on an updated Windows 10 machine. The ‘online video’ feature is available in PowerPoint as well. However, PowerPoint does not allow injection of HTML code.
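For defenders, a document can be checked for the webVideoPr element described above before it reaches users. The following Python scanner is an added example, not code from Votiro or Microsoft; the `embeddedHtml` attribute name comes from the Office Open XML schema rather than from this article, and the host allowlist and sample documents are constructed assumptions.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse
from xml.sax.saxutils import quoteattr

# Assumption: the only video hosts this organisation accepts in embedded players.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}
URL_ATTR = re.compile(r"""(?:src|href)\s*=\s*["']([^"']+)""", re.I)

def scan_docx(data: bytes) -> list:
    """Return one finding per webVideoPr element in any XML part of the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for part in pkg.namelist():
            raw = pkg.read(part)
            # OOXML parts carry no DTD; skipping any that do avoids entity expansion.
            if not part.endswith(".xml") or b"<!DOCTYPE" in raw:
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                continue
            for el in root.iter():
                if el.tag.rsplit("}", 1)[-1] != "webVideoPr":
                    continue
                html = el.get("embeddedHtml", "")  # parser has already unescaped it
                hosts = sorted({urlparse(u).hostname or "" for u in URL_ATTR.findall(html)})
                suspicious = ("<script" in html.lower()
                              or any(h not in ALLOWED_HOSTS for h in hosts))
                findings.append({"part": part, "hosts": hosts, "suspicious": suspicious})
    return findings

def build_sample(embedded_html: str) -> bytes:
    """Constructed minimal package holding one webVideoPr element (test input only)."""
    xml = ('<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
           'xmlns:wp15="http://schemas.microsoft.com/office/word/2012/wordprocessingDrawing">'
           f'<wp15:webVideoPr embeddedHtml={quoteattr(embedded_html)} h="480" w="640"/>'
           '</w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("word/document.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    ok = build_sample('<iframe src="https://www.youtube.com/embed/abc"></iframe>')
    odd = build_sample('<iframe src="https://video.example.invalid/player"></iframe>')
    print(scan_docx(ok))
    print(scan_docx(odd))
```

A finding marked suspicious is a reason to quarantine the attachment for review; an empty result means no online-video element was present in the file.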