America's Digital Goddess Kim Komando: Beware of a new malware attack

Software developers face a daunting challenge every day with the products they maintain. Not only does their software need to work well and accomplish what it advertises, but it also needs to improve constantly and be secure against hacks. If a product or application is still supported, it’s the responsibility of the software maker to protect the users of its products.

And this is not easy, of course. It’s a game of cat and mouse as hackers continuously poke holes in popular software and developers patch them as they come. This is why software companies typically need the help of software bug bounty hunters since it’s impossible to catch all the potential flaws and bugs in its products.

The worst of these bugs are what are known as “zero-day” bugs. These are previously unknown bugs that hackers are already actively exploiting.

Zero-day in Internet Explorer

Software security firm Qihoo 360 has revealed a new malware campaign that is actively exploiting a previously unknown zero-day flaw in Microsoft’s Internet Explorer.

Zero-day exploits are some of the biggest threats developers face. The term “zero-day flaw” is just a fancy way of describing exploits that are discovered and abused by hackers before the software company has time to issue a patch.

This time, hackers are distributing malicious Microsoft Office documents to install malware and backdoors on infected Windows machines. These poisoned documents are reportedly targeting a previously unknown “double kill” vulnerability in Internet Explorer and any other applications that use the browser.

Once an unsuspecting victim clicks and opens the booby-trapped Office document that has an embedded malicious webpage, a nasty code will run on the target machine. This code will then download and install the attacking program from a remote server.

Although the actual flaw it uses to initiate the exploit is still not publicly known, the attack reportedly also uses a known User Account Control (UAC) bypass bug in its later stages.

It also hides its malicious activity via “file steganography.” Steganography is a technique where malicious files or messages are concealed inside another seemingly harmless file or program to evade detection.

The zero-day exploit affects all versions of Internet Explorer and applications that use it. You don’t even have to be actively using Internet Explorer to get infected. As soon as you open the malicious Office document, the malware automatically does what it is set to do.

Who can be behind the campaign?

Qihoo 360 said that an Advanced Persistent Threat (APT) group is quite possibly behind the attacks. APT groups are highly organized hacking units whose main goal is to steal data, sabotage infrastructure and disrupt businesses covertly with targeted attacks.

APT groups are typically state-sponsored groups but it’s still not clear if these current attacks are politically motivated or related to cyber espionage.

In the meantime ...

Qihoo 360 researchers said that they already reported the flaw to Microsoft on April 19 and based on the standard 90-day “responsible disclosure” timeframe, they are giving the company enough time to issue a patch before they publicly reveal more details about the exploit.

As we await Microsoft’s patch, please be extra careful about opening any Office documents sent from unknown sources either via e-mail or file sharing. Although you may not be using Microsoft’s infamous Internet Explorer browser anymore, you’re still at risk from this attack.

How to update

Microsoft typically issues its security fixes on the second or third Tuesday of each month (unofficially known as Patch Tuesday) but we’re hoping it will issue a patch for this flaw sooner via emergency update.

At any rate, here’s how to apply the latest Windows patches.

How to update Windows

Most Windows machines are set to download and install updates automatically by default. If you haven’t changed your automatic update settings then you should be fine.

On Windows 10, click Start (Windows logo), choose “Settings,” select “Update & Security,” then on the “Windows Update” section, select “Check for Updates.” (Note: the “Windows Update” section is also handy for showing you updates that are currently being downloaded or applied.)

If you have an older Vista or Windows 7 system, check out tips on how to set up and check Windows Updates by visiting https://www.komando.com/tips/12023/install-these-windows-internet-explor.... n

 

Kim Komando – “America’s Digital Goddess” – is one of America’s most successful radio hosts and Web entrepreneurs - and a trusted guide to millions through the thickets of today’s digital lifestyle.

“The Kim Komando Show,” a three-hour call-in weekly radio show on technology, and Komando’s daily “Consumer Tech Update” news reports are heard on hundreds of radio stations across the country and hundreds more around the world. Her busy website, daily newsletters, numerous books, and weekly USA Today column reach millions of others.

Category: