Unexpected threat: objects in RTF files
No antivirus from virustotal.com’s arsenal found EICAR in the test file.
By specially processing the executable file and inserting it into the RTF file, you can get a reliable container for the virus. The danger factor is that most antiviruses do not scan objects embedded in RTF files in this way.
The user, opening the file and clicking twice on the object, will launch the executable file with its own rights. Windows Vista will prompt you for execution, XP SP2 will issue a standard warning about unsigned code, earlier versions will silently launch the program.
By specially processing the executable file and inserting it into the RTF file, you can get a reliable container for the virus. The danger factor is that most antiviruses do not scan objects embedded in RTF files in this way.
The user, opening the file and clicking twice on the object, will launch the executable file with its own rights. Windows Vista will prompt you for execution, XP SP2 will issue a standard warning about unsigned code, earlier versions will silently launch the program.
')
Source: https://habr.com/ru/post/13166/
All Articles