Skip to main content

Posts

Showing posts with the label CVE-2014-4114

What You Need to Know About the "Sandworm" Exploit

You may have heard about last month's hack of computers belonging to NATO, Ukrainian and European Union representatives . The attack vector was a classic - a loaded email; classic enough that at first I wondered why the attacks were so successful, post-Stuxnet. Every target opened an email with an infected Microsoft Power Point document. The Power Point was executable. Under ordinary circumstances, users are provided with a security warning that they must over-ride when running and saving executable Power Points. I haven't been able to find confirmation in the news as to whether users read and confirmed these security warnings before running the loaded files; I haven't been able to get my hands on a copy of Sandworm to see for myself, either (please leave a message or email me if you have such a copy). In some sense, the incompetence entailed in triggering the infection is a bit more forgivable as apparently this infection has been running unabated since its first succe