Malware Author Stamped Code 'For Targeted Attacks Only'

Sara Peters

When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.

The author and operator of the “most influential Office malware creation kit today,” according to researchers at SophosLabs, has decided to market his wares only to targeted attackers, rather than spammers or others launching broad campaigns. Russian developer “Objekt” has even written it into the terms of service for his Microsoft Word Intruder (MWI) — an Office malware creation kit used by at least a dozen different cybercrime groups to deliver payloads via malicious documents, often attached to emails.

MWI generates rich text documents that can exploit a variety of vulnerabilities in Word. It delivers payloads through either a dropper — which embeds executables directly — or a downloader — which uses shellcode to download the payload. It uses a polymorphic decryptor and has a module called MWISTAT that keeps track of attack campaigns and infection rates.
