Malicious Code Exploit Discovered in Microsoft Office -- Redmond Channel Partner

Malicious Code Exploit Discovered in Microsoft Office

By Scott Bekker
October 29, 1999

Finjan Software (www.finjan.com) announced that they have discovered a new exploit involving Microsoft Windows scrap files that could be used to deliver Trojan attacks. Microsoft Office applications can be used to create "scrap" files (.SHS extension) to hide executable programs.

Because the file extension on .SHS files is always hidden, a file can be falsely named with a harmless-seeming file extension (.TXT, .JPG, .GIF), which a user will be more likely to open. Once opened, a scrap file will transmit the Trojan executable program to the user's machine.

Microsoft Windows scrap files are created when a file is copied into an open Microsoft Office document and then copied and pasted onto the Windows desktop. The new scrap file is created with the hidden file extension .SHS, but can easily be renamed by a malicious user. When distributed via e-mail messages or instant message file transfer or other Web-based media, a scrap file's extension becomes visible, but once saved to the hard drive, the .SHS extension will disappear again.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)
SharePoint Takes Ignite Spotlight with Project Nucleus and Syntex Announcements

Microsoft detailed some upcoming advances to SharePoint at Ignite this week, including a new Project Cortex product called "Syntex."
The 2020 Microsoft Product Roadmap

From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.
Microsoft Tops $2.5B Mojang Deal with $7.5B ZeniMax Buy

Microsoft on Monday announced its intent to acquire games maker ZeniMax, owner of Bethesda Softworks, for $7.5 billion in cash.

RCP Update

Email Address*Country*

Malicious Code Exploit Discovered in Microsoft Office

Featured

2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

SharePoint Takes Ignite Spotlight with Project Nucleus and Syntex Announcements

The 2020 Microsoft Product Roadmap

Microsoft Tops $2.5B Mojang Deal with $7.5B ZeniMax Buy

The 2020 Microsoft Product Roadmap

SharePoint Takes Ignite Spotlight with Project Nucleus and Syntex Announcements

Rubber, Meet Road: Products Hitting GA at (or Around) Microsoft Ignite

Giving CIOs What They Need, Part 2

2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2020 Microsoft Product Roadmap

SharePoint Takes Ignite Spotlight with Project Nucleus and Syntex Announcements

Rubber, Meet Road: Products Hitting GA at (or Around) Microsoft Ignite

Giving CIOs What They Need, Part 2

2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

Partner's Guide to Making the Most of Dynamics 365 IUR

FREE WEBCASTS FROM OUR SPONSORS

How to Stay Disruption-Free During Hurricane Season

Accelerate 2020 – Live Virtual Event

Optimizing the Data Center: The Key to MSP Profitability

Data Growth and the MSP: How to Profitably Deliver Data Protection

FREE WHITE PAPERS FROM OUR SPONSORS

Why SharePoint Business Process Automation should be an Enterprise Imperative?

One-Man MSP Finds Winning Combo in Webroot and Syncro

Data Growth and the MSP: Best Practices for Profitably Delivering Data Protection

11 Types of Phishing Attacks You Need to Know to Stay Safe