[Techinfo] Get your Comp Infected Without Even Trying?

I may never show it in any of my blog entries, but I’m always fascinated with the development of technology these days. And I wasn’t talking about the fancy rocket science though. I’m talking about gadgets and Personal Computers (PC) or notebook.

I am fully aware that my blog is totally random. Themeless. I write what ever I want and came into my mind, especially if it’s useful info. And I’m determined to share even the simplest matter (to me), because–who knows–that same matter is happen to be useful info for others.

Anyways, this evening I received a monthly newsletter (June edition) from Avira. Kind of shocking info i read there. But before I share the info, let me say, uhm, yeah, I’m an Avira user since 2006. I used it to protect the office PC. Well, I’m still using it now. Then I also use it on my laptops and my android. So, yeah, surely I’ve subscribed its newsletter.
Here it is the info I received. Worthy reading, totally, if you care about your computer’s “cleanliness”. Especially because the danger of phising and malware are now escalating. So.. here we go.

image

Anatomy of a Zero-Day Exploit: How to get infected without even trying

A lot of people think they’ve never been infected by malware. If you have antivirus installed on your computer and mobile phone and you are reasonably careful about what you click on, then you should be fine. Right?

Maybe. You’ve probably been exposed and don’t even know it. Recently the virus hunters in our Avira Protection Lab discovered a ‘zero-day’ exploit that uses a vulnerability in Microsoft Office to cleverly trick people into downloading a malicious executable file (.exe) without clicking. It works like this:

Step 1: You receive an email that contains a Microsoft Word document saved as an RTF (Rich Text Format) attachment.

Step 2 : Microsoft Outlook uses Microsoft Word as the default tool to display files and messages in Outlook’s preview pane. So you don’t need to click open the attachment; just looking at a preview of the email is enough to trigger the malware.

Step 3 : The malware uses the Microsoft RTF vulnerability to execute malicious code directly into the memory of your computer. You haven’t downloaded anything!

Step 4 : The malware code then creates or downloads an executable file (.exe) and executes it in the background. You don’t see anything.

Step 5 : The malware drops a backdoor onto your computer, allowing the hacker to come back and access your newly infected computer at any time.

This vulnerability affects Microsoft Word versions 2000-2013, and Microsoft Outlook 2007, 2010 and 2013. Microsoft is aware of the problem, but they have not issued a patch.

Fortunately, Avira security software detects and stops this particularly crafty exploit. So you can stay calm and carry on.

Nice, right. Okay, I don’t mean to promote avira, but it IS a good app. ^_^

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s