Formbook delivered via “new” RTF exploit

A bit of a change with the Formbook malware delivery system today. An email with the subject of “Re: Payment Update”, pretending to come from “Silvia.Rey@rotork.com”, with a malicious Word RTF doc attachment delivers Formbook. The RTF file is quite different from the normal ones we see. Several antiviruses are detecting it generically as either CVE-2017-0199 or CVE-2017-11882 or CVE-2012-0158, but I don’t think any of those detections are entirely correct, and it looks like a newer / different exploit. They are using email addresses and subjects that will scare or entice a user to read the email and open the