Microsoft security researchers have warned users about ongoing spam campaigns that are spreading malware through deceptive emails.
The warning centres on malicious emails carrying RTF documents that, if opened, can infect the user with a Trojan. Simply opening the attached document is enough to infect the user.
A Trojan horse, or Trojan, is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems. Users are typically tricked by some form of social engineering into loading and executing Trojans on their systems. Once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system.
Microsoft has revealed that the main target of the spam campaign seems to be European users, since many of the spam emails are written in European languages.
The Microsoft Security Intelligence team said:
"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,"
The Trojan's command and control server is currently offline. However, Microsoft warns that the server could come back online at any time, so users should remain wary.
The best way to protect yourself if you think you may be a target is to download and install the November 2017 Patch Tuesday security updates, if you haven't already. The vulnerability being exploited is CVE-2017-11882, a flaw in older versions of the Equation Editor component that ships with Office installs, which is usually kept for compatibility purposes alongside Microsoft's newer Equation Editor module.
Microsoft announced in a tweet:
"Office 365 ATP detects the emails and attachments used in this campaign,"
"Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD and the payload as Trojan:MSIL/Cretasker. Other mitigations, like attack surface reduction rules, also block the exploit."
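As an added example for defenders (not code from the article, from Microsoft, or from the campaign), the script below triages RTF attachments by listing each embedded OLE object and flagging any that declares or embeds an Equation Editor object, the component the patched vulnerability lives in. The `Equation.3` class name, the `\objclass`/`\objdata`/`\objupdate` control words and the OLE 1.0 header layout come from my own knowledge of the formats, not from the page, and the two RTF fragments are constructed for the test.

```python
import re

# Constructed sample RTF fragments for the test; not real campaign artifacts.
SUSPICIOUS_RTF = (r"{\rtf1{\object\objemb\objupdate{\*\objclass Equation.3}"
                  r"{\*\objdata 01050000020000000b0000004571756174696f6e2e330000}}}")
BENIGN_RTF = (r"{\rtf1{\object\objemb{\*\objclass Word.Document.8}"
              r"{\*\objdata 0105000002000000}}}")

# Attachment triage only needs the control words of each \object group,
# not a full RTF parse.
OBJECT_RE = re.compile(r"\\object\b(.*?)(?=\\object\b|\Z)", re.S)
OBJCLASS_RE = re.compile(r"\\objclass\s+([\w.]+)")
OBJDATA_RE = re.compile(r"\\objdata\s*([0-9A-Fa-f\s]+)")

def ole1_class_name(hex_blob: str) -> str:
    """Return the ASCII class name from an OLE 1.0 object header, or ''."""
    try:
        raw = bytes.fromhex("".join(hex_blob.split()))
    except ValueError:
        return ""
    if len(raw) < 12:
        return ""
    # OLE1 header: version(4) format_id(4) class_name_len(4) class_name
    name_len = int.from_bytes(raw[8:12], "little")
    name = raw[12:12 + name_len]
    return name.split(b"\0", 1)[0].decode("ascii", "replace")

def triage_rtf(rtf: str) -> list:
    """Summarise every embedded object in an RTF document."""
    findings = []
    for m in OBJECT_RE.finditer(rtf):
        body = m.group(1)
        cls = OBJCLASS_RE.search(body)
        data = OBJDATA_RE.search(body)
        declared = cls.group(1) if cls else ""
        embedded = ole1_class_name(data.group(1)) if data else ""
        findings.append({
            "objclass": declared,          # class name the RTF declares
            "ole1_class": embedded,        # class name inside the OLE blob
            "objupdate": "\\objupdate" in body,  # object refreshed on open
            "equation_editor": any(c.startswith("Equation")
                                   for c in (declared, embedded)),
        })
    return findings

def is_suspicious(rtf: str) -> bool:
    """Flag documents that embed an Equation Editor object."""
    return any(f["equation_editor"] for f in triage_rtf(rtf))
```

Both the declared and the embedded class name are checked because the two need not agree; a document whose `\objclass` looks harmless can still carry an Equation Editor object in its `\objdata` blob.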