
    Embedded malware threatens the security of RTF documents

    Fewer vulnerabilities have been found in RTF because the format does not offer the extensive functionality of, for example, DOC files from Microsoft Word. In theory, less functionality means fewer options that can be abused. For that reason, RTF is often used for the supposedly secure exchange of documents. Most office programs can read RTF files, and the format offers enough possibilities to make a text appealing. RTF documents also have more functionality than plain text files, which leave little opportunity for an appealing design of the content. So RTF seems to be the best compromise between functionality and security.

    Embedded RTF Malware

    How The Attack Works

    However, other files can be embedded in RTF documents. Security vendors have described how users are lured into clicking such an embedded malicious file through a social engineering attack. Users can open such a file in Windows directly from WordPad. Experts report that the malicious RTF document contains instructions telling the user to open the embedded file. The supposed confirmation of receipt is actually a CPL file for the Windows Control Panel. Once started from the RTF document in this way, the CPL file downloads the malware, which is an unusual way of spreading malware.

    The Embedded RTF Malware

    As a user, keep in mind that there are few legitimate reasons to embed a file in an RTF document. If you come across one, be careful. Appropriate training of employees is therefore advisable, but experience has shown that it does not provide reliable protection. Organizations can protect their endpoints with anti-spam or anti-malware software that scans email and/or network traffic. Another option is network devices that identify embedded files via deep inspection.

    Of course, unlike DOC and PDF files, RTF files can also be blocked completely, since they are not used that often. However, this does not stop the dangers posed by possible malware in other file attachments. That leaves the option of simply blocking all file attachments from external email addresses, but this drastic measure is guaranteed to have a negative impact on business. Given all of these tradeoffs, the most reliable approach is to deploy anti-malware software on the endpoints and to use network devices such as intrusion prevention systems, anti-malware appliances or next-generation firewalls.
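
The following Python example, added here and not taken from the article or from any security product, shows the kind of check that deep inspection for embedded files performs: it finds `\objdata` payloads in an RTF file, decodes the hex, reads the OLE 1.0 class name and flags embedded file names with executable extensions. The function names, the extension list and the sample document are assumptions constructed for this example.

```python
import re
import struct

# Extension list is an assumption of this example; the article itself names only CPL.
RISKY_EXT = (".cpl", ".exe", ".scr", ".dll", ".js", ".vbs", ".lnk")
OBJDATA = re.compile(rb"\\objdata(?![a-zA-Z])([0-9a-fA-F\s]+)")
FILENAME = re.compile(rb"[\x20-\x7e]{1,200}\.[A-Za-z0-9]{2,4}(?=\x00)")


def ole1_class_name(blob):
    """ClassName of an OLE 1.0 object header: version, format id, length-prefixed string."""
    if len(blob) < 12:
        return None
    (length,) = struct.unpack_from("<I", blob, 8)
    if length == 0 or 12 + length > len(blob):
        return None
    return blob[12:12 + length].rstrip(b"\x00").decode("ascii", "replace")


def scan_rtf(data):
    """Return one finding per \\objdata payload found in the RTF bytes."""
    findings = []
    for match in OBJDATA.finditer(data):
        digits = re.sub(rb"\s+", b"", match.group(1))
        # Drop a trailing odd nibble so truncated hex still decodes.
        blob = bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))
        names = sorted({n.decode("ascii") for n in FILENAME.findall(blob)})
        findings.append({
            "class": ole1_class_name(blob),
            "filenames": names,
            "risky": [n for n in names if n.lower().endswith(RISKY_EXT)],
        })
    return findings


def constructed_sample():
    """Constructed input: RTF with a Packager object labelled receipt.cpl, no real payload."""
    def lps(s):  # OLE 1.0 length-prefixed ANSI string
        return struct.pack("<I", len(s) + 1) + s + b"\x00"
    native = b"\x02\x00receipt.cpl\x00C:\\fake\\receipt.cpl\x00\x00\x00\x03\x00"
    ole = (struct.pack("<II", 0x501, 2) + lps(b"Package") + struct.pack("<II", 0, 0)
           + struct.pack("<I", len(native)) + native)
    return b"{\\rtf1 Open the receipt {\\object\\objemb{\\*\\objdata " + ole.hex().encode() + b"}}}"


if __name__ == "__main__":
    for finding in scan_rtf(constructed_sample()):
        print(finding)
```

The filename match is a heuristic over the decoded bytes, so a mail gateway rule built on it should treat any embedded object in an RTF attachment as worth review, not only the flagged ones.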
