Sun. Jul 12th, 2020

North Korea-linked hacking organizations are using VB scripting engines to launch attacks

Many of Microsoft’s products support the VB scripting engine for loading web content or code, but the engine has been found to be vulnerable and has been exploited.

Since the beginning of the year, security companies at home and abroad have found multiple vulnerabilities in the VB scripting engine. After these vulnerabilities were discovered, Microsoft repaired them in a timely manner.

At the same time, for security reasons, Microsoft has disabled the VB scripting engine by default in the operating system and browser, but it can still be loaded in Office software.

The routine cumulative update released by Microsoft this month fixed the most recently discovered vulnerabilities in the VB engine, but this has not stopped hackers from continuing to exploit vulnerabilities.

Since the Microsoft Office family of software can still load web content through the VB engine, hacker organisations are beginning to target Office software.

The attackers create a specific Office document and induce the user to load it. Once it is loaded, the VB engine vulnerability can be used to download malicious programs and load them into the system for monitoring.

The primary purpose of this malware is to collect information rather than to spread rogue software or carry out extortion. All of the hacker organisations involved have apparent espionage purposes.

Security companies such as Kaspersky, Trend Micro and McAfee have tracked hacking activities associated with VB scripting engine vulnerabilities.

By comparing source code, security companies found that the hacker organisation that exploited the VB scripting engine vulnerability had the same code as several hacker organisations of the past few years.

Kaspersky began tracking the hacking organisation a decade ago, and the company’s security experts believe the organisation is an active and long-running hacker organisation.

The final analysis even leads to a hacking organisation named DARKHOTEL, which is related to the Sony Pictures attack, and this indirectly confirms the North Korean connection.

Via: Qihoo 360