MICROSOFT WARNS OVER NEW WORD ATTACKS THAT CHANGE USERS’ PROXY SETTINGS
Microsoft has warned Office users that viruses delivered via Word are back – and this time they could be even worse news for their victims.
By tricking users into opening malicious files, cyber criminals can change victims’ browser proxy settings to route their web traffic through the attackers’ servers.
This means the hackers are able to steal victims’ usernames and passwords, as well as gathering information on their browsing habits.
“Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows,” Microsoft said in a blog post warning users of the new threat.
“Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10.”
It said that in a typical attack, users receive an email with a Word document attached. Inside the file, they are tricked into running a script by double-clicking on an object.
If the user gives it permission to run, the malware installs browser certificates and the Tor client and changes their proxy settings.
This enables the cyber criminals to see all web traffic – including HTTPS – and alter websites to deliver phishing and advertising campaigns, Microsoft said.
Subsequently, they could steal sensitive information and web credentials, possibly without the user even being aware that something is amiss.
“To avoid attacks like we have just detailed, it is recommended you only open and interact with messages from senders and websites that you recognise and trust,” Microsoft said.
“For added defence-in-depth, you can reduce the risk from this threat by following the guidance in our previous blog post on how to adjust the registry settings to help prevent OLE Embedded Objects from executing, or from running without your explicit permission.”