Windows Dridex Bug Patched, Allowed Malware in Word Files

Researchers from the security software company McAfee recently identified a flaw in Microsoft Office that may have infected millions of users.

An exploitable software flaw enabled attackers to insert Dridex malware into Word documents. The infected documents were subsequently distributed as email attachments over the Internet. The hack purportedly targeted numerous institutions, including Australian banks and other enterprises. Microsoft published a cure for the Windows Dridex flaw on Tuesday.

Windows Dridex Bug Used to Steal Millions from Banks

The Dridex malware has been wreaking havoc on the online banking industry since 2015. Typically distributed through spam and malicious email attachments, this malware, when executed, downloads and installs a Trojan from a hijacked remote computer.

Dridex can monitor the victim’s online banking activity. It uses a keylogger to steal their login credentials and financial data as they type it into the system. In 2015, hackers stole £20 million and $10 million from UK and US victims using the Windows Dridex bug.

This particular attack is noteworthy for a couple of reasons. Unlike previous versions of Dridex, this variant did not require macros enabling to trigger the infection. Instead, it relied on a zero-day vulnerability by exploiting a weakness previously unaddressed and therefore unpatched by Microsoft.

The dridex malware compromised all versions of Microsoft Word, including the latest version bundled into Windows 10. The weak link was an Office feature called Object Linking and Embedding (OLE).

A Microsoft proprietary technology, OLE lets you move data from one document or application into another. While it comes in handy when working with presentations and spreadsheets, the feature is a dream come true for crafty hackers. An OLE vulnerability could enable a remote attack that bypasses security features and tricks users into opening a document that contains the infected object.

Data Protection Starts with a Backup

In theory, the latest Windows patch would provide automatic protection for all users affected by the attack. Windows 10 is one of the most secure operating systems on the market. However, the alarming effectiveness of Dridex once again proves that no system is ever completely secure.
The latest Windows Dridex bug is not the first and won’t be the last vulnerability to put countless users at risk. With that said, there are a few ways you can defend against this and similar attacks:

• always approaching email attachments with caution;
• keeping your anti-virus software update;
• backing up your data regularly;
• keeping at least one backup copy on a device disconnected from the Internet.

A data protection strategy is a key to keeping yourself safe – prevent security breaches and make sure you can always recover as soon as possible to keep your business intact and running.