Some of the ways we've seen this seen of this include: This attack instead drops files into various startup folders, and waits for the user to reboot their machine. However, it does have the capability to manipulate files. PostScript does not have the ability to execute shell commands. The appearance of these decoy documents are shown below:įigures 1 and 2. Some of the subject lines and document names used include “Bitcoin” and “Financial Security Standardization”. No actual exploit is used, as this is a case where a feature of PostScript is being abused. The goal of this attack is to use PostScript to gain a foothold onto a victim's machine. It shouldn't be a surprise that other office suites are similarly targeted. The various components of Microsoft Office have been exploited for years, whether via social engineering ( macro malware) or vulnerabilities. Office suites have long been a popular way of getting users to drop and run malware on their systems. We have started seeing malicious attachments that contain malicious PostScript, which is in turn being used to drop shortcuts (or actual malicious files) onto the affected system. This is supposed to make opening these documents safer, but unfortunately older HWP versions implement these restrictions improperly. Unfortunately, this ability is now being exploited in attacks involving malicious attachments.Ī branch of PostScript called Encapsulated PostScript exists, which adds restrictions to the code that may be run. It possesses the ability to run PostScript code, which is a language originally used for printing and desktop publishing, although it is a fully capable language. The Hangul Word Processor (HWP) is a word processing application which is fairly popular in South Korea.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
March 2023
Categories |