Microsoft is warning of an innovative new technique attackers are using to sneak macro malware past virus detection engines and add to the already huge uptick in reported macro attacks.
According to researchers at Microsoft’s Malware Protection Center, they stumbled upon the macro technique in a file containing VBA project scripts with a sample of well-known malicious macro malware called TrojanDownloader:O97M/Donoff. It wasn’t the malware that piqued Microsoft’s interest, it was the attacker’s never-before-seen obfuscation technique.
It wasn’t immediately obvious that the macro file was actually malicious, wrote Marianne Mallen and Wei Li, both antivirus researchers at the Microsoft Malware Protection Center, who co-authored a blog post earlier this week on their discovery. “It [was] a Word file that contains seven VBA modules and a VBA user form with a few buttons (using the CommandButton elements),” wrote both authors.
Facebook on Thursday patched a pair of vulnerabilities that enabled brute-force attacks against Instagram passwords, and also hardened its password policy.
Researcher Arne Swinnen privately disclosed the flaws in December and in February respectively. One bug was patched in February, while the other went through two rounds of fixes before the issue was resolved on May 10. Swinnen received a combined $5,000 bounty.
The severity of the vulnerabilities was exacerbated by Instagram’s weak password policies and its practice of enumerating userIDs incrementally put accounts in jeopardy with minimal effort, Swinnen said.
“This could have allowed an attacker to compromise many accounts without any user interaction, including high-profile ones,” Swinnen wrote in a report describing details of both vulnerabilities.
Microsoft outlined new anti-terrorism policies today. Terrorists are no longer welcome to use Microsoft's online services, and the company will remove terrorist content when it's reported to be on the company's systems.
Researchers with the Defense Advanced Research Projects Agency (DARPA) have quickly moved to alter the way the military, public and private enterprises protect their networks from high-and low-speed distributed denial-of-service attacks with a program called Extreme DDoS Defense (XD3).
The agency has since September awarded seven XD3 multi-million contracts to Georgia Tech, George Mason University, Invincea Labs, Raytheon BBN, Vencore Labs (two contracts) and this week to the University of Pennsylvania to radically alter DDOS defenses. One more contract is expected under the program.
The UPenn project is developing defenses against distributed denial of service attacks that target specific protocols and their logic. These attacks are often difficult to diagnose and stop because the total volume of malicious traffic may be very low. The UPenn project attempts to pinpoint the specific protocol component that is under attack and then massively replicate that component to blunt the effects of the attack, DARPA stated.