Adwind RAT Scurries By AV Software With New DDE Variant

A newly discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion.

The spam campaign features two types of droppers that leverage a new variant of the already-known DDE code-injection attack on Microsoft Excel – enabling them to bypass AV software.

DDE is a legitimate method for transferring data between applications – so for Excel, the process could update contents of a spreadsheet cell with information from an external application or file with a specific extension. Thus, one can craft a weaponized file containing a DDE formula, which, when opened, will prompt Excel to try to execute the external application.
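For defenders, the formula shape described above can be checked before a file ever reaches Excel. The following is an added example, not code from the article or from any vendor: it scans CSV text for cells that Excel would evaluate as a formula and that contain a DDE reference of the general form `application|topic!item`. The sample data and the name `exampleapp` are constructed placeholders, and the check covers only this general shape, not the campaign's variant, which the article does not detail.

```python
import csv
import io
import re

# Excel evaluates a cell as a formula when it starts with one of these.
FORMULA_PREFIXES = ("=", "+", "-", "@")

# General DDE reference shape: application|topic!item
# The topic may be single-quoted (and then may contain spaces).
DDE_REF = re.compile(r"([A-Za-z_][\w.]*)\s*\|\s*('[^']*'|[^!'|]+)\s*!\s*\S+")


def find_dde_cells(csv_text):
    """Return (row, col, application, cell) for each cell that looks like DDE."""
    hits = []
    reader = csv.reader(io.StringIO(csv_text))
    for row_no, row in enumerate(reader, start=1):
        for col_no, cell in enumerate(row, start=1):
            value = cell.strip()
            # Plain text containing '|' and '!' is not evaluated by Excel.
            if not value.startswith(FORMULA_PREFIXES):
                continue
            match = DDE_REF.search(value)
            if match:
                hits.append((row_no, col_no, match.group(1).lower(), value))
    return hits


# Constructed sample: an ordinary negative number, an ordinary formula,
# one DDE-shaped cell with a placeholder application, and plain text.
SAMPLE = (
    "name,amount,note\n"
    "alice,-42,refund\n"
    'bob,17,"=SUM(B2:B3)"\n'
    "carol,5,\"=exampleapp|'constructed arguments'!A0\"\n"
    'dave,9,"a|b!c is plain text"\n'
)

if __name__ == "__main__":
    for row_no, col_no, app, cell in find_dde_cells(SAMPLE):
        print(f"row {row_no} col {col_no}: DDE reference to {app!r}: {cell}")
```

A mail gateway or upload handler can quarantine any attachment for which `find_dde_cells` returns a hit, since legitimate spreadsheets received by e-mail rarely need DDE links.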

Source: ThreatPost