Malicious Code Exploit Discovered in Microsoft Office -- Redmond Channel Partner

Malicious Code Exploit Discovered in Microsoft Office

By Scott Bekker
October 29, 1999

Finjan Software (www.finjan.com) announced that they have discovered a new exploit involving Microsoft Windows scrap files that could be used to deliver Trojan attacks. Microsoft Office applications can be used to create "scrap" files (.SHS extension) to hide executable programs.

Because the file extension on .SHS files is always hidden, a file can be falsely named with a harmless-seeming file extension (.TXT, .JPG, .GIF), which a user will be more likely to open. Once opened, a scrap file will transmit the Trojan executable program to the user's machine.

Microsoft Windows scrap files are created when a file is copied into an open Microsoft Office document and then copied and pasted onto the Windows desktop. The new scrap file is created with the hidden file extension .SHS, but can easily be renamed by a malicious user. When distributed via e-mail messages or instant message file transfer or other Web-based media, a scrap file's extension becomes visible, but once saved to the hard drive, the .SHS extension will disappear again.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.
Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.
Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft is readying a new "Windows endpoint security platform" as part of its Windows Resiliency Initiative (WRI).
Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

Forrester has singled out Microsoft as the leading cloud hyperscaler in the increasingly AI-driven field of enterprise security analytics.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Malicious Code Exploit Discovered in Microsoft Office

Featured

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft CSPs To Start Selling Windows 10 ESU this Fall

Microsoft Gives Security Partners First Dibs at New Windows Security Platform

Microsoft Cements Lead in Increasingly AI-Centric Security Analytics

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Consolidates Cloud Migration Programs into 'Azure Accelerate'

Pax8 to MSPs: Embrace AI Agents and 'Managed Intelligence'

So You Want To Be an MSP? Here's What It Really Takes

Crowe Joins Microsoft Dynamics 365 AI Program

2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Microsoft Consolidates Cloud Migration Programs into 'Azure Accelerate'

Pax8 to MSPs: Embrace AI Agents and 'Managed Intelligence'

So You Want To Be an MSP? Here's What It Really Takes

Crowe Joins Microsoft Dynamics 365 AI Program

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Tech Talk | Stop Buying What You Already Own: The MSP's Guide to Microsoft 365 Optimization

Veeam Data Cloud for Microsoft 365

Seamless Transitions: Migrating Your VMware Workloads to Azure

Azure Virtual Desktop: The Smart Choice for Remote Work Success

FREE WHITE PAPERS FROM OUR SPONSORS

The Easy Button eBook: Simplicity of SaaS-Based Backup for Microsoft 365

Unlocking the power of Microsoft 365 management: A toolkit for MSP success

How MSPs can future-proof Microsoft 365 management with automation and security

The future of M365 management