Leave a comment

Malware alert: Trojan spreading through popular word processing programs

Malware alert: Trojan spreading through popular word processing programs
Photo courtesy of Shutterstock

You need to know about a new malware attack that starts with a flaw in Windows and spreads through Microsoft's Web browser Internet Explorer. It's spreading through a popular word-processing program and, if it gets into your computer, it steals information it finds in there, including noting the anti-virus program you've got installed.

Last year, this malware called Trojan.Laziok attacked large energy companies in the Middle East. Now, this information-stealing malware is focusing on computers like yours. Here's how this malware attack works.

It starts with a hidden version of JavaScript on a website. If you open the site, it exploits a Windows vulnerability known as Unicorn, or CVE-2014-6332.

If you access it from Internet Explorer, the hackers can exploit it using a method called Godmode. There's more to it. Then, the attackers use PowerShell to download the malware from Google's online word processor Google Docs.

"Users are not usually able to download malicious content from Google Docs because Google actively scans and blocks malicious content," said cybersecurity researchers at FireEye, speaking to SecurityWeek. "The fact that this sample was available and downloadable on Google Docs suggests that the malware evaded Google's security checks."

Update: Good news. Google says they have removed the malicious file, according to SecurityWeek.

Next Story
Security Alert: Core Windows feature gives hackers a way into your computer
Previous Happening Now

Security Alert: Core Windows feature gives hackers a way into your computer

Top Story: This Adobe security hole doesn't have an easy fix - here's what to do
Next Happening Now

Top Story: This Adobe security hole doesn't have an easy fix - here's what to do

View Comments ()