Cobalt malware leverages recently patched 17-year-old Microsoft flaw


Just in the nick of time...

Cobalt malware was documented exploiting the 17-year-old CVE-2017-11882 vulnerability via spam just a few days after researchers noted a similar spam campaign exploiting RTF documents.

Microsoft only recently patched the memory corruption vulnerability that exists in the Office software when the program fails to properly handle objects in memory. The flaw could allow an attacker to run arbitrary code.

Shortly after the vulnerability was announced, threat actors weaponised the flaw to deliver malware using a component from the Cobalt Strike penetration testing tool, according to a Nov. 27 Fortinet blog post. The malware is spread via a spam campaign posing as a notification from Visa about rule changes in its payWave service in Russia and is contained in a malicious RTF document attachment.

Researchers said the CVE-2017-11882 exploit leads to a Cobalt Strike Beacon and that, in this attack, multiple stages of scripts are downloaded and executed to reach the main malware payload. Once the exploit is triggered, obfuscated JavaScript is downloaded and executed using the Microsoft HTML Application Host.

“Once the document is opened, the user is presented with a plain document,” researchers said in the post. “However, in the background a PowerShell script is already being spawned that will eventually download a Cobalt Strike client to take control of the victim's system.”

The cyber-criminals behind the attack were able to load Cobalt Strike's module without writing it to disk as a physical file, instead using trusted Microsoft Windows tools to run client-side scripts, an approach that can be overlooked by traditional anti-virus products.
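Because no payload file is written, the chain described above is easier to spot in process-creation telemetry than on disk. The sketch below is an added example, not code from the article or from Fortinet's post: it walks parent-process links and reports any script host that descends from an Office document handler. The process names (`eqnedt32.exe`, `winword.exe`, `mshta.exe`, `powershell.exe`), the `Event` record and every sample event are assumptions constructed for this example.

```python
from collections import namedtuple

# Hypothetical process-creation record: PID, parent PID, image path.
Event = namedtuple("Event", "pid ppid image")

# Assumption: names picked for this example; the article lists none of them.
DOC_HANDLERS = {"winword.exe", "eqnedt32.exe"}
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe"}

def basename(image):
    """Lower-cased file name of a Windows (or forward-slash) path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_suspicious_chains(events):
    """Return (pid, chain) for each script host with an Office ancestor."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if basename(e.image) not in SCRIPT_HOSTS:
            continue
        chain, seen, cur = [basename(e.image)], {e.pid}, e
        # Walk up the parent links; 'seen' guards against PID loops.
        while cur.ppid in by_pid and cur.ppid not in seen:
            cur = by_pid[cur.ppid]
            seen.add(cur.pid)
            chain.append(basename(cur.image))
            if chain[-1] in DOC_HANDLERS:
                hits.append((e.pid, " <- ".join(chain)))
                break
    return hits

# Constructed sample events (paths simplified, not taken from a real host).
SAMPLE = [
    Event(100, 1, r"C:\Windows\explorer.exe"),
    Event(600, 4, r"C:\Windows\System32\svchost.exe"),
    Event(710, 600, r"C:\Office\EQNEDT32.EXE"),
    Event(720, 710, r"C:\Windows\System32\mshta.exe"),
    Event(730, 720, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
    # Benign: an interactive PowerShell session started from the desktop shell.
    Event(900, 100, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]

if __name__ == "__main__":
    for pid, chain in find_suspicious_chains(SAMPLE):
        print(f"ALERT pid={pid}: {chain}")
```

The PowerShell session launched from `explorer.exe` is not reported, since only ancestry through a document handler triggers an alert.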

Users are urged to update their systems as soon as possible to avoid infection.

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, UK edition