Evil Clippy: a tool for making undetectable malicious Microsoft Office docs

Evil Clippy comes from Dutch security researchers Outflank: "a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows." Evil Clippy's magic depends in part on some awesomely terrible undocumented Office features, including "VBA Stomping": "if we know the version of MS Office of a target system (e.g. Office 2016, 32 bit), we can replace our malicious VBA source code with fake code, while the malicious code will still get executed via p-code. In the meantime, any tool analyzing the VBA source code (such as antivirus) is completely fooled." (via Eva)

from Boing Boing http://bit.ly/2V0d88J
via IFTTT

Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment