Attackers Embed Malware In Microsoft Office Documents To Bypass Browser Security

Chris Myers is a field service technician for Tech Experts.

Cyber attacks continue to increase at a rapid rate. In 2016, there were 6,447 software security vulnerabilities found or reported to authorities. In 2017, that number rose to 14,714, more than double the previous year. Halfway through 2018, we are at 8,177 with no signs of slowing.

One of the biggest avenues of attacks is Adobe Flash Player, which has been a leading source of vulnerabilities for over 20 years.

Modern browsers have been phasing out Adobe Flash over the past 5 years. In December 2016, Google Chrome completely disabled Flash Player by default.

Mozilla Firefox started to block the most vulnerable parts of Flash Player by default in 2016 and 2017.

The latest Flash Player vulnerability, designated CVE-2018-5002 by Adobe, aims to circumvent those browser changes by hiding the attack in a Microsoft Excel file, which is then distributed by targeted emails disguised as legitimate bulletins from hiring websites.

To hide this from anti-virus software, the hackers went another step further by not including the malicious code directly in the Excel file. Instead, they just embed a small snippet that tells the file to load a Flash module from somewhere else on the Internet. Due to this, the file appears to be a normal Excel document with Flash controls to anti-virus applications.
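A defender can look for this pattern directly in the file rather than waiting for malicious code to show up. The added example below is not from the original article. It assumes the attachment is a modern ZIP-based Office file (.xlsx/.docx) and that an embedded control's settings live in the package's ActiveX parts; the sample file and its URL are constructed for the demonstration.

```python
import io
import re
import zipfile

# Class ID of the Shockwave Flash ActiveX control.
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
# URLs stored as plain ASCII (XML parts) or as UTF-16LE (binary parts).
URL_ASCII = re.compile(rb'https?://[^\x00-\x20"\x27<>\x7f-\xff]+')
URL_UTF16 = re.compile(rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")
# XML namespace identifiers are not download locations.
NAMESPACE_PREFIXES = ("http://schemas.microsoft.com/", "http://schemas.openxmlformats.org/")


def scan_office_file(data: bytes) -> dict:
    """Report whether an OOXML file embeds a Flash control and which URLs it names."""
    result = {"ooxml": False, "flash_control": False, "remote_urls": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy .xls/.doc files are not ZIP containers
    result["ooxml"] = True
    urls = set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if "/activex/" not in name.lower():
                continue  # only the embedded-control parts are of interest
            blob = zf.read(name)
            if FLASH_CLSID in blob.upper():
                result["flash_control"] = True
            urls.update(m.decode("ascii") for m in URL_ASCII.findall(blob))
            urls.update(m.decode("utf-16-le") for m in URL_UTF16.findall(blob))
    if result["flash_control"]:
        result["remote_urls"] = sorted(u for u in urls if not u.startswith(NAMESPACE_PREFIXES))
    return result


def build_sample() -> bytes:
    """Constructed sample: only the two package parts the scanner inspects."""
    xml = (b'<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}" '
           b'xmlns:ax="http://schemas.microsoft.com/office/2006/activeX"/>')
    blob = b"\x00\x01" + "http://cdn.example.invalid/movie.swf".encode("utf-16-le") + b"\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/activeX/activeX1.xml", xml)
        zf.writestr("xl/activeX/activeX1.bin", blob)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_office_file(build_sample()))
```

A spreadsheet that carries a Flash control at all is worth quarantining; one that also names an outside address matches the behaviour described above.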

CVE-2018-5002 is what’s known as a Zero Day vulnerability, which means it was used by attackers before it was discovered and patched.

This particular vulnerability appears to have been used in the Middle East already.

In one instance, businesses in Qatar received an email that mimicked “bayt.com,” a Middle Eastern job search website. The attackers sent the email from “dohabayt.com.”

With Doha being the capital of Qatar, it was easy to assume that dohabayt was simply an extension of the main website.

However, a true branch of bayt.com, known as a subdomain, would be separated by a period like so: doha.bayt.com. Once the target was tricked into opening the email, they were directed to download and open the attached Microsoft Excel file named “Salaries.”

This was a normal-looking table of average Middle Eastern job salaries, but in the background, the attack was already going to work.

How To Avoid Being Infected
The fake email scenario described above is known as phishing. Phishing is the attempt to disguise something as legitimate to gain sensitive information from a victim or compromise their computer.

The word phishing is a homophone of fishing, coined for the similarity of using bait in an attempt to catch a victim.

The attack described above was a type of phishing known as spear phishing, where the attacker tailored their methods specifically to the intended victim.

They disguised the email as a local site used for job or employee hiring, and the file as a desirable database of salary information.

Phishing emails are most easily identified by checking the sender’s email address. Look at the unbroken text just before the “.com”.

If this is not a website known to you or if it contains gibberish such as a random string of numbers and letters, then the email is almost always fake.
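The same check can be automated at the mail gateway or help desk. The added example below is not from the original article. It tells a real subdomain such as doha.bayt.com apart from a lookalike such as dohabayt.com; the list of trusted domains and the sample headers are assumptions constructed from the addresses named above.

```python
from email.utils import parseaddr

# Assumption: the organisation maintains its own list of domains it trusts.
TRUSTED_DOMAINS = {"bayt.com"}


def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of a From: header value, or '' if none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify a sender as 'trusted', 'lookalike' or 'unknown'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unknown"
    for good in trusted:
        # A real subdomain ends with ".<trusted domain>", separated by a period.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        brand = good.split(".")[0]  # "bayt" from "bayt.com"
        # The brand name appears in the address, but the domain is neither
        # the trusted one nor a subdomain of it: treat it as a lookalike.
        if brand in domain:
            return "lookalike"
    return "unknown"


# Constructed sample headers based on the addresses named in the article.
SAMPLES = [
    "Bayt Jobs <jobs@bayt.com>",
    "Bayt Doha <jobs@doha.bayt.com>",
    "Bayt Doha <jobs@dohabayt.com>",
    "Bayt <jobs@bayt.com.example.net>",
    "Someone <x7f3k@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):10} {header}")
```

An "unknown" result only means the domain is not on the trusted list; it still deserves the manual look described above.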

While the attack above was sophisticated, most phishing emails simply try to trick the user by saying things like “Your emails have been blocked, click here to unblock them” or “Click here to view your recent order” when you did not actually order anything.

Always be vigilant. When in doubt, forward the email to your IT department or provider for them to check the email for viruses or other threats.

Rules Of Thumb To Avoid An Infection

Anthony Glover is Tech Expert’s senior network engineer and service manager.

A virus can be an upsetting, expensive endeavor to deal with. A virus can wreak havoc on your personal files (like important spreadsheets or family photos) or the system files that keep your computer functioning.

These files can become corrupted, encrypted, or deleted, which makes recovery difficult or sometimes impossible.

Some less obvious viruses — the ones that might slow down your system instead of destroying it — can still affect you by stealing data and what you type on your keyboard, gaining access to your stored credit card information or important sites you use, like your bank.

Anti-Virus: It’s Worth Protecting Yourself

Ron Cochran is a senior help desk technician for Tech Experts.

You can have any machine — from the latest and greatest, to the old dinosaur in the corner — but if you don’t have virus protection, your latest and greatest machine might soon run like that dinosaur in the corner.

All of your sensitive images, documents, billing information, and passwords are subject to infection. No matter how careful you are, there is always something that slips through the cracks.

Often, users say, “I have such and such subscription,” or “I don’t click on anything I don’t know,” but the people spending countless hours causing havoc on computer users will always find new and sneaky ways to infect computers.

Viruses can be attached to images or links on websites. They can also be renamed to look like something that you should install. Once inside your computer, they are hard to track down even by a seasoned computer technician.

Viruses very rarely remove anything from your computer. Instead, they have a tendency to add things that can record your activities on your computer. A person could install a silent program that will start recording your keystrokes triggered by keywords; it can also take a screenshot or record email addresses and passwords. Most of the time, they don’t need to even gain access back to your computer to report the data.

They can have an email sent from your computer and Internet connection without you knowing it. That email, secretly sent from you to them, would contain your information (keystrokes, clicks, etc.).

By now, you have heard of the “crypto virus” and all of its variants. There are many solutions out there, but only a select few offer “zero-hour” infection reversal, which is something that businesses can especially benefit from. Let’s say you accidentally encrypt your machine; it would then be inaccessible until you pay the ransom to unlock your files.

Protection that offers infection reversal can revert your system back to its state right before you were infected, and it would be like you were never infected by the virus at all. This feature is part of Webroot Secure Anywhere, which is something we can provide.

Viruses not only help people steal your data, but they can also delete or corrupt files, degrade system performance, and make your computer run slower.

Viruses can also prevent programs from working, and they can use your email to send out copies of themselves to your contacts and other users. Sometimes, they can prevent your computer from starting up by corrupting your BIOS firmware.

A couple of the main things that you’ll notice once you’re infected are that your system could run slower and you’ll receive all kinds of fake pop-ups, ads, warnings from “Microsoft,” etc. These types of files are referred to as “scareware,” and the makers feed on the fear that you might lose your data, so you’ll pay them to “unlock” your system or “remove” the virus.

Again, we go back to protection. If you had virus protection, then it’s likely that it would stop the infection before it even established itself inside your computer.

There are a few things you should do, if you haven’t already: get some sort of whole computer protection (such as Webroot), have restore points saved on your operating system, have a backup of your operating system install saved on some sort of external media, and save your documents, pictures, and videos to an external source.

When you find yourself in a predicament where you have to wipe an entire computer to remove an infection, you’ll be glad you took the time to prepare for the worst.

How To Avoid Infections On Your Company’s Network

Luke Gruden is a help desk technician for Tech Experts.

Computers are just like people – they too can catch a virus and become infected. Your computer can potentially be infected by anything it connects to or interacts with, so it’s important to watch which disks or USB devices you insert into your computer and which websites you go to.

What is a computer infection?
A computer infection refers to malicious software that can harm your computer or even steal your information. There’s more than one variation of it. There is spyware that watches what you type and do on your computer to gather and steal information.

There is adware which will change your settings and hijack certain parts of your computer to promote its own products.

There is cryptoware which will lock your whole computer and make it unusable.
There are also many other types of infections or malware that your computer can come across.

Is my computer infected?
If your computer has been running slower recently and you are seeing strange pop-ups or odd programs, you are very possibly infected. At Tech Experts, we monitor many different computers, keeping track of any odd processes and programs that are installed. We also have managed anti-virus that further helps us identify when our clients’ computers could be infected.

How can I clean an infected computer?
There are many tools and resources that can be used to clean an infected computer and no single tool is absolutely perfect. Usually when cleaning an infection, we run at least three to four different (reputable) programs, depending on what type of infection it is.

If it is a very deep infection, we could end up running seven or more different programs to clean out the infection. It is important to know which tools to use and how to use them, however.

Certain programs can cause damage to the computer’s registry if you don’t know exactly what you’re looking for.

How do you prevent an infection?
Understanding your computer habits is one of the biggest ways to prevent infections. If you find yourself web surfing to questionable sites or to sites you’ve never been to before, this is one of the biggest ways to catch an infection.

Downloaded programs you don’t remember installing are one of the biggest red flags of an infection. Opening emails and attachments when you don’t know where they came from is a good way to become infected. Make sure the sites you visit are safe and be attentive to what emails and downloads you view.

Having a good anti-virus is very important for keeping your computer clean and protected from threats that you cannot normally see. At Tech Experts, we provide AV for ourselves and clients that prevents most infections. No AV is 100% able to stop all infections. With hackers making new threats every day, there is no method to make sure all possible vulnerabilities are blocked.

However, having good software and good habits will prevent the great majority of infections from hopping onto your computer.