Office驚現零日漏洞 黑客可利用Word文檔安裝惡意軟件

Online banking customers around the world should be on the lookout for scam emails that allow hackers to steal your passwords - and your money.

世界各地的網上銀行客戶們都得小心了！黑客可以用詐騙電子郵件盜取你的密碼——以及你的錢！

Phishing emails which claim to be from reputable financial organisations contain hidden software - designed to exploit a newly discovered flaw in Microsoft Word.

這些釣魚電子郵件會聲稱來自信譽良好的金融機構，但是卻隱藏有軟件--這種軟件利用的是微軟Word新發現的一個漏洞。

Documents opened with the word processing software may trick users into downloading code that allows cyber criminals to infect their computer and capture banking logins.

這種Word文檔會欺騙用戶下載代碼，而網絡罪犯可以利用這些代碼感染用戶的電腦，從而獲得銀行登錄信息。

Cyber security firm Proofpoint warned that the exploit was being used to spread the trojan software - called Dridex.

網絡安全公司Proofpoint日前警告稱，該漏洞被用來傳播一種被稱爲“Dridex”的木馬軟件。

Dridex has previously been used to steal online banking passwords globally, resulting in the theft of hundreds of millions of dollars worldwide.

Dridex曾經就被用於在全球盜竊網上銀行密碼，造成全世界範圍內數億美元失竊。

During an outbreak of the virus in 2015, the US was most heavily affected according to computer security firm Symantec.

據電腦安全公司賽門鐵克表示，在2015年該病毒肆虐期間，美國受災最嚴重。

This was followed by Japan and Germany, with significant numbers of infections also seen in the UK, Canada, Australia, and a number of other European countries.

其次是日本和德國，而英國、加拿大、澳大利亞和多個歐洲國家感染者也爲數衆多。

The latest email campaign started in Australia, but experts are warning this could quickly spread to the rest of the world.

而此次通過電子郵件傳播病毒的事件起於澳大利亞，但是專家警告稱，很可能很快就會蔓延到世界其他地區。

The exploit targets a previously undiscovered flaw - known in security circles as a 'zero-day' vulnerability - in the software.

該漏洞針對的是Word之前一個未發現的缺陷——在安全界被稱爲“零日”。

This allows hackers to insert malicious code into the body of a document - in this case fake RTF files (Rich Text Format) which are actually disguised HTML code.

黑客可以利用該漏洞，將惡意代碼插入到一個文檔中——這樣一來，RTF格式的文件實際上是變相的HTML代碼。