Microsoft moves quickly to patch Word bug that leaves users' bank details vulnerable

Microsoft has moved swiftly to patch a major security flaw in all current versions of Word, used by millions of Australians.

The bug allows an exploit, known as the Dridex banking trojan, to gain access to a user's computer.

Once access is gained, a hacker can then steal the users' personal banking details and passwords.

The bug was detected late last week by multiple sources, including cyber security companies McAfee and FireEye.

Victims are affected by opening compromised Word documents sent to them via email with attachments that are loaded with the bug, security firm Proofpoint said in a blog post on Monday.

The subject line in all cases reportedly reads "Scan Data" and the attachments are named "Scan_xxxxxx.doc", where xxxxxx is a random number.

Scanned documents are sent via emails that commonly carry similar subject lines.

The targets were primarily in Australia and across numerous organisations, Proofpoint said.
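As an added illustration (not code from the article or from Proofpoint), a small mail-triage rule that scores incoming messages against the lure described above: a subject of "Scan Data" alone is a weak signal, since genuine scanner emails use similar subjects, so a message is flagged only when the attachment name pattern matches as well. The message ids and sample events are constructed, and the attachment name is assumed to be "Scan_" followed by any number of digits.

```python
import re
from dataclasses import dataclass

# Lure indicators reported for this campaign: subject "Scan Data" and an
# attachment named "Scan_<digits>.doc" (digit count assumed open-ended).
LURE_SUBJECT = "scan data"
LURE_ATTACHMENT = re.compile(r"^scan_\d+\.doc$", re.IGNORECASE)


@dataclass(frozen=True)
class MailEvent:
    message_id: str      # hypothetical id from the mail gateway log
    subject: str
    attachments: tuple   # attachment file names as received


def lure_score(event: MailEvent) -> int:
    """Count how many of the two lure indicators a message matches (0-2)."""
    score = 0
    if event.subject.strip().lower() == LURE_SUBJECT:
        score += 1
    if any(LURE_ATTACHMENT.match(name.strip()) for name in event.attachments):
        score += 1
    return score


def flag_suspected_lures(events, threshold=2):
    """Return ids of messages at or above the threshold, for quarantine review.

    The default threshold of 2 requires both indicators, so legitimate
    scanner mail with a "Scan Data" subject but a different attachment name
    is not quarantined on the subject alone.
    """
    return [e.message_id for e in events if lure_score(e) >= threshold]


# Constructed sample gateway events (not real messages).
SAMPLE_EVENTS = [
    MailEvent("m1", "Scan Data", ("Scan_123456.doc",)),
    MailEvent("m2", "Scan Data", ("invoice.pdf",)),        # benign scanner mail
    MailEvent("m3", "Re: lunch", ("Scan_987654.doc",)),    # attachment only
    MailEvent("m4", "scan data", ("SCAN_000042.DOC",)),    # case variations
    MailEvent("m5", "Scan Data", ()),                      # no attachment
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e.message_id, lure_score(e))
    print("flagged:", flag_suspected_lures(SAMPLE_EVENTS))
```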

Dridex is a so-called "zero-day vulnerability", which means that it was sent out with zero notice for Microsoft to create and implement a patch to thwart it.

While most malware requires human intervention to activate it in a system, the Microsoft zero-day can run by simply opening the corrupted Word document.

Proofpoint said its testing revealed computers infected with the malware to be "fully exploited" (exposed).

It recommended that "because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as possible".

"One of the reasons Dridex actors targeted millions of Australian recipients [was] because they wanted to take advantage of the small window before it was patched. 

"Sending it to Australian organisations early on Tuesday morning Australian time/late Tuesday US time provided a longer window of possible exposure," Bryan Burns of Proofpoint said.

A Microsoft spokesperson said: "[The vulnerability] was addressed in the April security update released on April 11, 2017. 

"Customers who applied the update, or have automatic updates enabled, are already protected."

A similar exploit allowed hackers to steal more than £20 million ($33 million) from British bank accounts in 2015, the BBC reported.

Correction: An earlier version of this story incorrectly referred to the Dridex banking trojan as a bug rather than an exploit that takes advantage of a bug or vulnerability.