Evil Clippy: a tool for making undetectable malicious Microsoft Office docs
Evil Clippy comes from Dutch security researchers Outflank: "a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows." Evil Clippy's magic depends in part on some awesomely terrible undocumented Office features, including "VBA Stomping": "if we know the version of MS Office of a target system (e.g. Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled." (via Eva)
Original Link: http://feeds.boingboing.net/~r/boingboing/iBag/~3/ZeAMA8o2fk4/p-code-r-us.html