Microsoft experiencing email security scam

Tech Blog
June 12, 2019

Microsoft security researchers have issued a warning to users about ongoing spam campaigns that are spreading malware through deceptive emails.

The warning centers on malicious emails carrying RTF documents that, if opened, could infect the user with a Trojan. The infection happens only when the attached document is opened.

A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Microsoft has revealed that the main target of the spam campaign seems to be European users, as many of the spam emails are written in European languages.

The Microsoft Security Intelligence team said:

"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,"

The Trojan's command and control server is currently offline, but Microsoft is warning users that the server could come back online at any time, so remain wary.

The best way to protect yourself if you think you may be a target is to download and install the November 2017 Patch Tuesday security updates, if you haven't already. The vulnerability is tracked as CVE-2017-11882, and it is a flaw in older versions of the Equation Editor component that comes with Office installs, which is usually included for compatibility purposes alongside Microsoft's newer Equation Editor module.
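As an added example (not from Microsoft or the original article), the following Python code shows a first-pass triage check for RTF attachments: it lists the OLE class names of embedded objects and flags any that invoke the legacy Equation Editor. The class-name prefix `Equation.` and all function names are assumptions, and the sample documents are constructed.

```python
import re
import struct

# Assumption (not stated in the article): the legacy Equation Editor is
# invoked through OLE class names that start with "Equation." (e.g. "Equation.3").
LEGACY_PREFIX = b"equation."


def embedded_ole_classes(rtf: bytes) -> list:
    """Return the OLE1 class name found in each \\objdata group of an RTF file."""
    classes = []
    for match in re.finditer(rb"\\objdata\b([^{}]*)", rtf):
        # RTF allows whitespace and line breaks inside the hex stream.
        hex_text = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))
        data = bytes.fromhex(hex_text[: len(hex_text) & ~1].decode("ascii"))
        if len(data) < 12:
            continue  # too short to hold an object header
        # OLE1 object header: OLEVersion, FormatID, class-name length (LE uint32).
        _version, _format_id, name_len = struct.unpack_from("<III", data, 0)
        if name_len == 0 or 12 + name_len > len(data):
            continue  # truncated or malformed header
        classes.append(data[12 : 12 + name_len].rstrip(b"\x00"))
    return classes


def uses_legacy_equation_editor(rtf: bytes) -> bool:
    """True if any embedded object asks for the legacy Equation Editor."""
    return any(c.lower().startswith(LEGACY_PREFIX) for c in embedded_ole_classes(rtf))


def sample_rtf(class_name: bytes) -> bytes:
    """Constructed test input: minimal RTF holding only an object header."""
    name = class_name + b"\x00"
    header = struct.pack("<III", 0x501, 2, len(name)) + name
    hex_stream = header.hex().encode("ascii")
    # Split the hex across two lines, as real documents often do.
    body = hex_stream[:20] + b"\r\n" + hex_stream[20:]
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + body + b"}}}"


if __name__ == "__main__":
    for label in (b"Equation.3", b"Package"):
        doc = sample_rtf(label)
        print(label, embedded_ole_classes(doc), uses_legacy_equation_editor(doc))
```

A hit only means the document embeds a legacy equation object and deserves closer inspection; heavily obfuscated RTF can evade a regex-based pass, so this complements patching and mail filtering rather than replacing them.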

Microsoft announced in a Tweet:

"Office 365 ATP detects the emails and attachments used in this campaign,"

"Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD and the payload as Trojan:MSIL/Cretasker. Other mitigations, like attack surface reduction rules, also block the exploit."
