A very slightly strange and less usual malware campaign this morning that does eventually deliver Formbook. The email is nothing special, very terse & bland that just says ” Kindly find the attachment”. It has 2 Microsoft Word Doc attachments, both very small. the first is 4kb, the second 6kb. Both are actually malformed RTF files that contain CVE2017-11882 Microsoft Equation Editor exploits. These exploits have been fixed in all currently supported versions of Microsoft Office, so in theory, should not affect anybody. But we do see hundreds of victims from these exploits, where lax security patching or the use … Continue reading →