Office惊现零日漏洞 黑客可利用Word文档安装恶意软件(在线收听

   Online banking customers around the world should be on the lookout for scam emails that allow hackers to steal your passwords - and your money.

  世界各地的网上银行客户们都得小心了!黑客可以用诈骗电子邮件盗取你的密码——以及你的钱!
  Phishing emails which claim to be from reputable financial organisations contain hidden software - designed to exploit a newly discovered flaw in Microsoft Word.
  这些钓鱼电子邮件会声称来自信誉良好的金融机构,但是却隐藏有软件--这种软件利用的是微软Word新发现的一个漏洞。
  Documents opened with the word processing software may trick users into downloading code that allows cyber criminals to infect their computer and capture banking logins.
  这种Word文档会欺骗用户下载代码,而网络罪犯可以利用这些代码感染用户的电脑,从而获得银行登录信息。
  Cyber security firm Proofpoint warned that the exploit was being used to spread the trojan software - called Dridex.
  网络安全公司Proofpoint日前警告称,该漏洞被用来传播一种被称为“Dridex”的木马软件。
  Office惊现零日漏洞 黑客可利用Word文档安装恶意软件
  Dridex has previously been used to steal online banking passwords globally, resulting in the theft of hundreds of millions of dollars worldwide.
  Dridex曾经就被用于在全球盗窃网上银行密码,造成全世界范围内数亿美元失窃。
  During an outbreak of the virus in 2015, the US was most heavily affected according to computer security firm Symantec.
  据电脑安全公司赛门铁克表示,在2015年该病毒肆虐期间,美国受灾最严重。
  This was followed by Japan and Germany, with significant numbers of infections also seen in the UK, Canada, Australia, and a number of other European countries.
  其次是日本和德国,而英国、加拿大、澳大利亚和多个欧洲国家感染者也为数众多。
  The latest email campaign started in Australia, but experts are warning this could quickly spread to the rest of the world.
  而此次通过电子邮件传播病毒的事件起于澳大利亚,但是专家警告称,很可能很快就会蔓延到世界其他地区。
  The exploit targets a previously undiscovered flaw - known in security circles as a 'zero-day' vulnerability - in the software.
  该漏洞针对的是Word之前一个未发现的缺陷——在安全界被称为“零日”。
  This allows hackers to insert malicious code into the body of a document - in this case fake RTF files (Rich Text Format) which are actually disguised HTML code.
  黑客可以利用该漏洞,将恶意代码插入到一个文档中——这样一来,RTF格式的文件实际上是变相的HTML代码。
  原文地址:http://www.tingroom.com/guide/news/404286.html