You keep Office patched and up to date?
Microsoft’s security researchers have issued a warning on Friday afternoon about an ongoing spam wave that is spreading emails carrying malicious RTF documents that infect users with malware without user interaction, once users open the RTF documents.
Microsoft said the spam wave appears to target European users, as the emails are sent in various European languages.
“In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload,” the Microsoft Security Intelligence team said.
The final payload is a backdoor trojan, Microsoft said. Fortunately, the trojan’s command and control server appears to have gone down by Friday, when Microsoft issued its security alert.
However, there is always the danger of future campaigns that may exploit the same tactic to spread a new version of the backdoor trojan that connects to a working server, allowing crooks direct access to infected computers.
The good news is that users can be completely safe from this spam campaign. The initial infection vector relies on an old Office vulnerability that Microsoft patched back in November 2017.
Users who applied the November 2017 Patch Tuesday security updates should be safe.