{"id":17820,"date":"2020-02-25T10:52:18","date_gmt":"2020-02-25T18:52:18","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2020\/02\/25\/news-11553\/"},"modified":"2020-02-25T10:52:18","modified_gmt":"2020-02-25T18:52:18","slug":"news-11553","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/25\/news-11553\/","title":{"rendered":"VB2019 paper: Static analysis methods for detection of Microsoft Office exploits"},"content":{"rendered":"<p>Though the typical malware attack in 2020 arrives by email and is executed via the enabling of <em>Office<\/em> macros, some attacks exploit (patched) vulnerabilities in <em>Office<\/em> that allow for the execution of malicious code when someone merely opens the file.<\/p>\n<p>In a paper presented at VB2019 in London, <em>McAfee<\/em> researcher Chintan Shah presented methods for detecting such <em>Office<\/em> exploits using static analysis. The tool he wrote detected 80 to 100 per cent of <em>Office<\/em> exploits that have been used in targeted attacks in the wild.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" style=\"display: block; margin-left: auto; margin-right: auto;\" src=\"https:\/\/www.virusbulletin.com\/files\/cache\/a130b6ffa964d883e0a2395de433780a_f4358.jpg\" alt=\"Shah-figure26.jpg\" width=\"660\" height=\"616\" \/><span class=\"centered-caption\">Implementation of the static analysis engine.<\/span><\/p>\n<p>\u00a0<\/p>\n<p>Today we publish Chintan&#8217;s paper in both <a title=\"VB2019 paper: Static analysis methods for detection of Microsoft Office exploits\" href=\"https:\/\/www.virusbulletin.com\/virusbulletin\/2020\/02\/vb2019-paper-static-analysis-methods-detection-microsoft-office-exploits\/\">HTML<\/a> and <a href=\"https:\/\/www.virusbulletin.com\/uploads\/pdf\/magazine\/2019\/VB2019-Shah.pdf\" target=\"_blank\">PDF<\/a> format as well as the recording of his VB2019 presentation.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p style=\"text-align: center;\" 
width=\"100%\" height=\"420\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/WzQV0QnQqho\" frameborder=\"0\" width=\"100%\" height=\"420\" style=\"\"> <\/iframe><\/p>\n<p>\u00a0<\/p>\n<p><em><em>Have you carried out research that furthers our understanding of the threat landscape? Have you discovered a technique that helps in the analysis of malware? <\/em>The <a title=\"VB2020 call for papers - now open!\" href=\"https:\/\/www.virusbulletin.com\/blog\/2019\/12\/vb2020-call-papers-now-open\/\">Call for Papers<\/a> for VB2020 in Dublin is open! Submit your abstract before <strong>15 March<\/strong> for a chance to make it onto the programme of one of the most international threat intelligence conferences.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.virusbulletin.com\/files\/cache\/a130b6ffa964d883e0a2395de433780a_f4358.jpg\"\/><br \/>                                 Today we publish the VB2019 paper and presentation by McAfee researcher Chintan Shah in which he described static analysis methods for the detection of Microsoft Office exploits.                 
<\/p>\n<p>                 <a href=\"https:\/\/www.virusbulletin.com\/blog\/2020\/02\/vb2019-paper-static-analysis-methods-detection-microsoft-office-exploits\/\">Read more<\/a>                                <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[23177,10378,23176],"tags":[],"class_list":["post-17820","post","type-post","status-publish","format-standard","hentry","category-magazine","category-security","category-virusbulletin"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17820"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17820\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17820"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}