Microsoft experiencing email security scam

Tech Blog
June 12, 2019
microsoft experiencing email security scam

Microsoft Security Researchers have issued a warning to users of ongoing spam campaigns that are spreading malware through deceiving emails.

The warning is centered around certain malicious emails carrying RTF documents that, if opened, could infect the user with Trojan. It is only opening the attached document that will infect the user.

A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software, Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into boding and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.

Microsoft has revealed the main target of the spam campaign seem to be European users, due to many of the spam email being written in European languages.

The Microsoft Security Intelligence team said:

"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the playload,"

However, the Trojan's command and control server is currently offline. But Microsoft is warning users that the server can still come back online at any time, so still be weary.

The best way to protect yourself if you think you may be a target is to download and install the November 2017 Patch Tuesday security updates, if you haven't already. The actual vulnerability is called CVE-2017-11882, and it is using a flaw in older versions of the Equation Ediot component that comes with Office installs, which is usually used for compatibility purposes along with Microsoft's newer Equation Editor module.

Microsoft announced in a Tweet:

"Office 365 ATP detects the emails and attachments used in this campaign,"

"Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD and the payload as Trojan:MSIL/Cretasker. Other mitigations, like attack surface reduction rules, also block the exploit."

Credential theft is a serious threat for businesses.
Defending your business against the threat of credential theft.
Protect your business on the go: The dangers of public Wi-Fi
Protecting your business on the go.
Go: Tech Awards Finalist
We are finalists in the Go: Tech Awards
We offer
Go to our Business Mobile service page to discover what we provide.
ExploreiPhone
We offer
Connectivity
Go to our Connectivity service page to discover what we provide.
Explore
Connectivity
We offer
VoIP
Go to our VoIP service page to discover what we provide.
ExploreVoIP Headset
We offer
Digital Services
Go to our Digital Services page to discover what we provide.
Explore
CRM (Customer Relationship Management)
We offer
Print
Go to our Print service page to discover what we provide.
ExplorePrinter
We offer
IT Support
Go to our IT Support service page to discover what we provide.
IT SupportExplore

Register
your interest

We've Recieved
your interest

Someone will contact you soon.
Form Submission Failed. Try again!
Services
IT SupportBusiness MobilesConnectivityVoIPDigital ServicesPrint
News
Business NewsTech BlogFoundation
Follow Us
LinkedInFacebookXInstagramYouTube
Humber Office
The View,
Bridgehead Business Park,
Hull,
Hessle
HU13 0GD
North East Office
The Catalyst,
3 Science Square,
Newcastle Helix,
Newcastle upon Tyne,
NE4 5TG
West Yorkshire Office
Hub 26,
Hunsworth Lane,
Cleckheaton,
BD19 4LN
The One Point
Contact UsAbout UsCareers
Other
Privacy PolicyCustomer ComplaintsOfcom regulationsEnvironmental PolicyAnti-Slavery PolicyFinance OptionsTerms & ConditionsCovid Response
Talk to one of our specialists. Get started or call us on 01482 420150
© 2022 The One Point All rights reserved. Calls may be recorded for quality and training.