Security experts note that malware delivered by email is nothing new, but this campaign is serious and Windows PC users should know about it. According to reports, an aggressive malware campaign is using emails written in European languages to circulate RTF files that carry CVE-2017-11882 exploits, and the Microsoft Security Intelligence team recently issued a warning about it. These exploits allow attackers to run malicious code automatically, without the user's permission.
Last year, the CVE-2017-11882 vulnerability was used in combination with various other campaigns delivering the Coblnt Trojan. According to its description, Microsoft Office 2007 Service Pack 3 and Microsoft Office 2010 Service Pack 2 allow an attacker to run arbitrary code in the context of the current user.
An attacker who successfully exploits CVE-2017-11882 can run arbitrary code in the context of the current user. If the user is logged on with administrative user rights, the attacker can take full control of the affected computer: install programs, change or delete data, and more. The attacker can also create new accounts on the user's computer. This issue primarily affects Microsoft Office 2013 Service Pack 1, Microsoft Office 2010 Service Pack 2, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2016.
It is important to know that Microsoft manually patched CVE-2017-11882 in November 2017. Despite this, the vulnerability is still used in attacks, and Microsoft has noticed an increase in such activity in the past few weeks.
The current campaign involves downloading RTF files that run multiple scripts on the system, including VBScript, PHP and others. The scripts then download the payload, which is identified as Trojan:MSIL/Cretasker. The attack does not stop there: it opens a backdoor that immediately connects to a malicious domain to carry out its activities.
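For mail-gateway or inbox triage of the RTF attachments described above, the following added example (not part of the original article) decodes the embedded OLE objects in an RTF file and flags any whose header names the Equation Editor class, the Office component CVE-2017-11882 affects. The function names are hypothetical, the "Equation.3" class check is an assumption about what to look for, and the sample documents are constructed and inert.

```python
import re

EQUATION_PROGID = b"equation.3"   # class name of the legacy Equation Editor OLE server
CONTROL = re.compile(rb"\\[a-zA-Z]+-?\d* ?|\\.", re.S)
HEX = b"0123456789abcdefABCDEF"

def extract_objdata(rtf: bytes):
    """Yield the decoded bytes of every \\objdata destination in the RTF."""
    for start in re.finditer(rb"\\objdata", rtf):
        i, depth, digits = start.end(), 0, bytearray()
        while i < len(rtf):
            c = rtf[i:i + 1]
            if c == b"\\":                  # skip control words mixed into the hex
                m = CONTROL.match(rtf, i)
                if not m:
                    break
                i = m.end()
                continue
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:              # end of the \objdata group
                    break
                depth -= 1
            elif c in HEX:                  # whitespace and other bytes are ignored
                digits += c
            i += 1
        yield bytes.fromhex(digits[:len(digits) // 2 * 2].decode())

def triage_rtf(rtf: bytes) -> dict:
    """Count embedded OLE objects and report whether one names the Equation class."""
    if not rtf.lstrip().startswith(b"{\\rt"):
        return {"is_rtf": False, "objects": 0, "equation_object": False}
    blobs = list(extract_objdata(rtf))
    hit = any(EQUATION_PROGID in blob.lower() for blob in blobs)
    return {"is_rtf": True, "objects": len(blobs), "equation_object": hit}

def _ole1(class_name: bytes) -> bytes:
    # Constructed, inert OLE 1.0 header: version, format id, class name, empty body.
    name = class_name + b"\x00"
    return (b"\x01\x05\x00\x00\x02\x00\x00\x00" + len(name).to_bytes(4, "little")
            + name + b"\x00" * 12)

def _rtf_with(class_name: bytes) -> bytes:
    h = _ole1(class_name).hex().encode()    # split the hex to show whitespace tolerance
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + h[:9] + b"\r\n" + h[9:] + b"}}}"

SAMPLE_EQUATION = _rtf_with(b"Equation.3")  # constructed sample, no exploit content
SAMPLE_PACKAGE = _rtf_with(b"Package")      # constructed sample, different class
SAMPLE_PLAIN = b"{\\rtf1\\ansi Hello {\\b world}}"
```

The check reads the class name from the decoded object data rather than from the RTF's `\objclass` text, because the latter is free-form and need not match the embedded object.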