• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Microsoft Word

qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
  • Posted on:November 22, 2017 at 4:01 am
  • Posted in:Ransomware
  • Author:
    Trend Micro Cyber Safety Solutions Team
0

We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It’s a classic macro malware infecting Microsoft Word’s Normal template (normal.dot template) upon which all new, blank Word documents are based.

Further scrutiny into qkG also shows it to be more of an experimental project or a proof of concept (PoC) rather than a malware actively used in the wild. This, however, doesn’t make qkG less of a threat.

Read More
Tags: macro malwareMicrosoft WordqkGransomware

Beware the “Insert and Link” Feature in Microsoft Office
  • Posted on:March 18, 2015 at 10:07 am
  • Posted in:Malware, Targeted Attacks
  • Author:
    Abraham Camba (Threat Researcher)
2

Throughout course of my monitoring future and possible targeted attacks, I recently chanced upon a spear-phishing email sent to an undisclosed recipient that contains three seemingly harmless documents. I was curious about the attached documents so I first checked the one titled AlSajana Youth Center financial Report.docx. The so-called financial report turned out to be…

Read More
Tags: Microsoft OfficeMicrosoft Word

Newly Patched MS Word 0-Day Heuristically Detected by Deep Discovery
  • Posted on:April 14, 2014 at 8:44 am
  • Posted in:Exploits, Vulnerabilities
  • Author:
    Jack Tang (Threats Analyst)
0

In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability  (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in…

Read More
Tags: CVE-2014-1761ExploitMicrosoft WordMS Wordvulnerabilityzero day

Word and Excel Files Infected Using Windows PowerShell
  • Posted on:March 27, 2014 at 1:16 pm
  • Posted in:Malware
  • Author:
    Alvin John Nieto (Threat Response Engineer)
11

Malware targeting Word and Excel files has been around for some time, but we recently encountered a new malware family, CRIGENT (also known as “Power Worm”) which brings several new techniques to the table. (We detect these files as W97M_CRIGENT.A and X97M_CRIGENT.A.) Most significantly, instead of creating or including executable code, CRIGENT uses the Windows PowerShell…

Read More
Tags: CRIGENTMalwareMicrosoft ExcelMicrosoft WordPowershell

Microsoft Word Zero-Day Spotted in the Wild
  • Posted on:March 25, 2014 at 3:57 pm
  • Posted in:Targeted Attacks, Vulnerabilities
  • Author:
    Abigail Pichel (Technical Communications)
2

Microsoft has released a security bulletin announcing of a zero-day vulnerability affecting Microsoft Word. Furthermore, the company states that there are “limited, targeted attacks directed at Microsoft Word 2010.” If exploited, this vulnerability (CVE-2014-1761) could allow a remote attacker to execute commands remotely via specially crafted files and email messages. Microsoft has also released preliminary…

Read More
Tags: MicrosoftMicrosoft WordVulnerabilitieszero-day vulnerability

Security Predictions for 2019

  • Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape. We have categorized them according to the main areas that are likely to be affected, given the sprawling nature of the technological and sociopolitical changes under consideration.
    Read our security predictions for 2019.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • Drupal Vulnerability (CVE-2019-6340) Can Be Exploited for Remote Code Execution
  • Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
  • VPNFilter-affected Devices Still Riddled with 19 Vulnerabilities
  • Google Play Apps Drop Anubis Banking Malware, Use Motion-based Evasion Tactics
  • Identifying Top Vulnerabilities in Networks: Old Vulnerabilities, IoT Botnets, Wireless Connection Exploits

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.