Malicious Code Exploit Discovered in Microsoft Office -- Redmond Channel Partner

Malicious Code Exploit Discovered in Microsoft Office

By Scott Bekker
October 29, 1999

Finjan Software (www.finjan.com) announced that they have discovered a new exploit involving Microsoft Windows scrap files that could be used to deliver Trojan attacks. Microsoft Office applications can be used to create "scrap" files (.SHS extension) to hide executable programs.

Because the file extension on .SHS files is always hidden, a file can be falsely named with a harmless-seeming file extension (.TXT, .JPG, .GIF), which a user will be more likely to open. Once opened, a scrap file will transmit the Trojan executable program to the user's machine.

Microsoft Windows scrap files are created when a file is copied into an open Microsoft Office document and then copied and pasted onto the Windows desktop. The new scrap file is created with the hidden file extension .SHS, but can easily be renamed by a malicious user. When distributed via e-mail messages or instant message file transfer or other Web-based media, a scrap file's extension becomes visible, but once saved to the hard drive, the .SHS extension will disappear again.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

The 2021 Microsoft Product Roadmap

From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.
Q&A: What Microsoft Viva Means for Partners and the SharePoint Community

With Microsoft Viva applications rolling out, VisualSP's Asif Rehmani shares his take on how the platform could impact SharePoint users and Microsoft partners.
Microsoft Launches Surface Laptop 4, New Surface Accessories

Microsoft has begun shipping its new Surface Laptop 4 devices in the United States, Canada and Japan, with other markets planned later.
2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

Malicious Code Exploit Discovered in Microsoft Office

Featured

The 2021 Microsoft Product Roadmap

Q&A: What Microsoft Viva Means for Partners and the SharePoint Community

Microsoft Launches Surface Laptop 4, New Surface Accessories

2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2021 Microsoft Product Roadmap

Microsoft Launches Surface Laptop 4, New Surface Accessories

2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Exit Interview: Microsoft U.S. Channel Chief David Willis

Microsoft's Top 350 U.S. Partners

The 2021 Microsoft Product Roadmap

Microsoft Launches Surface Laptop 4, New Surface Accessories

2021 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Exit Interview: Microsoft U.S. Channel Chief David Willis

Microsoft's Top 350 U.S. Partners

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

Partner's Guide to Making the Most of Dynamics 365 IUR

FREE WEBCASTS FROM OUR SPONSORS

Build a Successful Microsoft 365 Business with Tech Data

Accelerate Your Journey to Azure with Tech Data

Top 10 Reasons to Backup Microsoft 365 Data

Unlock the True Potential of the Microsoft Security Stack for Your Customers

FREE WHITE PAPERS FROM OUR SPONSORS

eBook: Hacker Personas

Carbonite Data Protection & Cyber Resilience

The Hidden Costs of Ransomware

Lockdown Lessons eBook