Microsoft has moved swiftly to patch a major security flaw in all current versions of Word, used by millions of Australians.
The bug, known as the Dridex banking Trojan, targets users' personal banking details.
More National News Videos
- Video duration
- 02:01
Is your phone secure?
Is your phone secure?
In the age of phishing and hacking, here are three steps to help you become a cybersecurity expert.
Up Next
Police find body of missing bushwalker
- Video duration
- 00:47
- Video duration
- 00:47
Police find body of missing bushwalker
Police find body of missing bushwalker
Police locate the body of missing Sydney bushwalker, Shazia Edah-Tally, at the bottom of a cliff in the Royal National Park.
Up Next
Ron Medich trial: Jury unable to reach verdict
- Video duration
- 04:03
- Video duration
- 04:03
Ron Medich trial: Jury unable to reach ...
Ron Medich trial: Jury unable to reach verdict
Property developer Ron Medich had pleaded not guilty to ordering the contract killing of his former business partner Michael McGurk in 2009. Fairfax reporter Kate McClymont takes a look back at the murder trial.
Up Next
'Ill-informed, under-prepared, and psychologically ill-equipped'
- Video duration
- 02:29
- Video duration
- 02:29
'Ill-informed, under-prepared, and ...
'Ill-informed, under-prepared, and psychologically ill-equipped'
Former foreign affairs minister Gareth Evans is urging Australia to reduce its dependence on the United States alliance and accept China as a legitimate "global rule maker".
Up Next
'Regret of waste'? There's a word for that
- Video duration
- 02:34
- Video duration
- 02:34
'Regret of waste'? There's a word for that
'Regret of waste'? There's a word for that
An ancient Japanese practice is reinventing our idea of recycling, and challenging consumerism along the way.
Up Next
The Furry Facts of turbulence
- Video duration
- 02:34
- Video duration
- 02:34
The Furry Facts of turbulence
The Furry Facts of turbulence
How do modern aircraft handle turbulence, and is it a major risk?
Up Next
Sandy the dingo's gift to science
- Video duration
- 01:30
- Video duration
- 01:30
Sandy the dingo's gift to science
Sandy the dingo's gift to science
Sandy the purebred desert dingo beat four international finalists to take first place in the World's Most Interesting Genome Competition. Vision: UNSW
Up Next
Outrage over video condoning violence against disobedient wives
- Video duration
- 03:35
- Video duration
- 03:35
Outrage over video condoning violence ...
Outrage over video condoning violence against disobedient wives
The Women of Hizb ut-Tahrir Australia publish a controversial video to Facebook wherein the participants appear to legitimise hitting women that are 'sinful' in the context of their interpretation of Islamic tradition.
Is your phone secure?
In the age of phishing and hacking, here are three steps to help you become a cybersecurity expert.
It gives the hackers control of the infected computer and the users' personal banking details and passwords.
The bug was detected late last week by multiple sources, including cyber security companies McAfee and FireEye.
Related Content
Victims are affected by opening compromised Word documents sent to them via email with attachments that are loaded with the bug, security firm Proofpoint said in a blog post on Monday.
The subject line in all cases reportedly reads "Scan Data" and the attachments are named Scan_xxxxxx.doc", where xxxxxx is a random number.
Scanned documents sent via email commonly carry similar subject lines.
The targets were primarily in Australia and across numerous organisations, Proofpoint said.
Dridex is a so called "zero-day vulnerability", which means that it was sent out with zero notice for Microsoft to create and implement a patch to thwart it.
While most malware requires human intervention to activate it in a system, the Microsoft zero-day can run by simply opening the corrupted Word document.
Proofpoint said its testing revealed computers infected with the malware to be "fully exploited" (exposed).
It recommended that "because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as possible".
"One of the reasons Dridex actors targeted millions of Australian recipients [was] because they wanted to take advantage of the small window before it was patched.
"Sending it to Australian organisations early on Tuesday morning Australian time/late Tuesday US time provided a longer window of possible exposure," Bryan Burns of Proofpoint said.
A Microsoft spokesperson said: "[The vulnerability] was addressed in the April security update released on April 11, 2017.
"Customers who applied the update, or have automatic updates enabled, are already protected."
A similar exploit allowed hackers to steal more than £20 million ($33 million) from British bank accounts in 2015, the BBC reported.