Spam Campaigns with Malware Exploiting CVE-2017-11882 Spread in Australia and Japan

 Analysis by: Cedrick Ramos

Spam campaigns, carrying links or malicious .doc files, exploiting the Microsoft Office vulnerability known as CVE-2017-11882 is spreading in Australia and Japan. The Australia spam campaign is persuading recipients to click on a link that will redirect to malware detected as TROJ_RTFCVE201711882.A:

The Japanese spam campaign, on the other hand, comes in varying forms. Some spammed messages hides the malicious file in the email's code, while other messages appear as an unformed email that has the malicious document, detected as TROJ_RTFCVE2017118882.B:

Just looking at the form of the email messages tells the reader that it is highly suspicious. Users should immediately delete email of this nature.

 SPAM BLOCKING DATE / TIME: November 23, 2017 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:3486