Wednesday 18 October 2017, Poradnik bezpieczeństwa

Old form of cyberattack – DDE and Office files

Lost24

The security experts from SensePost warn about a newly discovered form of the cyberattack, that takes advantage of one of the Microsoft Office feature, called Microsoft Dynamic Data Exchange (DDE). Surprisingly, this type of attack existed since the early 1990s, when DDE was introduced.

DDE was designed to allows the Office application to load data from other each other. Unfortunately, it can be also used by the hackers to create malicious Word files with DDE fields that instead of opening another Office app, open a command prompt and run malicious code.

This is just another case where malware authors have found a creative way of abusing a legitimate feature, like with OLE and macros.

Before the Microsoft Office developer releases an effective countermeasures, the users of the DDE feature should be wary of opening Office files with DDE links, if they received the documents via e-mail from unknown persons.