Security company discovers a new campaign trying to exploit an Office flaw

May 20, 2013 14:22 GMT  ·  By

Security firm Trend Micro has released a report to describe a recently-discovered hack targeting unpatched computers running Microsoft Office, currently the world’s number one productivity suite.

According to these security experts, the advanced persistent threat (APT) campaign exploits an Office vulnerability that lets the attackers install malicious software on an unpatched system and thus access private information, such as bank account details.

Codenamed SafeNet, the new wave of attacks has apparently affected computers in more than 100 countries around the world.

The attackers send emails carrying malicious Word documents and rely on recipients downloading and opening the files. When that happens on an unpatched system, the malware is installed automatically, and the attackers quickly gain access to the workstation.

“While we have yet to determine the campaign's total number of victims, it appears that nearly 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructures related to Safe. We also discovered that the average number of actual victims remained at 71 per day, with few if any changes from day to day,” Trend Micro explains.

While the source of the attacks cannot be determined with certainty, Trend Micro says it did manage to trace one of the attackers and establish their location. Even though this particular attack was launched from China, the security company notes that not all attacks are necessarily launched from the same location.

“The author of the malware used in the campaign is probably a professional software developer who studied at a technical university in China. This individual appears to have repurposed legitimate source code from an internet services company in the same country for use as part of the campaign's C&C server code,” the company explained.

Microsoft has yet to comment publicly on the campaign, but the company already patched the flaw in April 2012, so all users are strongly advised to update their systems as soon as possible.