The Internet is full of various types of attackers and fraudsters. Recently, I have seen various hacking attempts through malicious software running in the background of an operating system. However, this kind of software does not install itself; it arrives bundled with freeware available over the internet, such as free software or free movies. Nowadays, hackers and fraudsters have also adopted a new way to get into your system, which is through your email.
I recently received an e-mail that says “TSC Commercial Invoice” and obviously it was not related to me by any means. I am also attaching a picture of the same.
This email also had an Excel file as an attachment, which I tried to preview directly from the Outlook application. The preview showed a picture saying that the document is protected and that I need to give write permission by downloading the file to the computer and opening it in Microsoft Excel.
This made me suspicious enough to take some action to identify whether the file was a trick or just a normal invoice file. So, I did a malware test through trusted online sources such as ‘Fortinet’ and found what I was worried about.
After the online scanning, it was confirmed that the file was infected with malware named MSExcel/CVE_2017_11882.F!exploit. According to Microsoft, this is a memory corruption vulnerability: an attacker sends users a specially crafted file and asks them to open it, and opening the file gives the attacker full access to, and control of, the affected device.
In this kind of attack, the malware introduced by the hackers lets them access and control the device with whatever rights the user has, up to administrative rights. After that, an attacker might install applications; read, alter, or remove data; or create new accounts with full user privileges. Users whose accounts are set up with fewer user privileges on the system may be less affected than those who have administrative user rights.
For more details on MSExcel/CVE_2017_11882.F!exploit, you may visit Microsoft Office Memory Corruption Vulnerability.
How to protect our devices from these types of malware?
Precaution and prevention are always the prime methods to avoid a mishap. Take proper care and use your own judgment when dealing with these emails. Before opening any suspicious file, always confirm whether the file received through email is from a trusted source or related to your past knowledge and work. Be aware of these types of files in the future.
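One way to check an attachment without opening it in Excel, as an added example that is not part of the original post: Microsoft's advisory places CVE-2017-11882 in the Office Equation Editor, so this script looks for embedded Equation Editor objects inside the file. The function names, marker labels and sample files are constructed for illustration.

```python
import io
import zipfile

# Byte patterns left by an embedded Equation Editor 3.0 OLE object.
MARKERS = {
    # CLSID {0002CE02-0000-0000-C000-000000000046} in on-disk GUID byte order
    "equation_clsid": bytes.fromhex("02ce020000000000c000000000000046"),
    "progid_equation3": b"Equation.3",
    # OLE stream names are stored as UTF-16LE in the compound-file directory
    "stream_equation_native": "Equation Native".encode("utf-16-le"),
}
MAX_MEMBER = 50 * 1024 * 1024  # do not inflate zip members declared larger than this

def scan_bytes(data):
    """Return the sorted names of all markers present in a byte string."""
    return sorted(name for name, pat in MARKERS.items() if pat in data)

def triage_attachment(data):
    """Map each part of the file to the markers found in it (empty dict = none)."""
    hits = {}
    if zipfile.is_zipfile(io.BytesIO(data)):  # .xlsx/.docx: scan the inflated parts
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    hits[info.filename] = ["oversized_member_skipped"]
                    continue
                found = scan_bytes(zf.read(info))
                if found:
                    hits[info.filename] = found
    else:  # legacy .xls/.doc or RTF: scan the raw bytes
        found = scan_bytes(data)
        if found:
            hits["<raw file>"] = found
    return hits

def make_zip(members):  # helper used only to build the constructed samples
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: marker bytes only, not the attachment from the email.
OLE_PART = bytes.fromhex("d0cf11e0a1b11ae1") + MARKERS["equation_clsid"] + MARKERS["stream_equation_native"]
SUSPICIOUS_XLSX = make_zip({"xl/workbook.xml": b"<workbook/>", "xl/embeddings/oleObject1.bin": OLE_PART})
CLEAN_XLSX = make_zip({"xl/workbook.xml": b"<workbook/>"})

if __name__ == "__main__":
    print(triage_attachment(SUSPICIOUS_XLSX), triage_attachment(CLEAN_XLSX))
```

Any hit is a reason to leave the file unopened and hand it to a scanner, as was done with the invoice above. An empty result does not prove the file is safe, because encrypted or obfuscated documents hide these markers.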