Office驚現零日漏洞 黑客可利用Word文件安裝惡意軟體

Online banking customers around the world should be on the lookout for scam emails that allow hackers to steal your passwords - and your money.

世界各地的網上銀行客戶們都得小心了！黑客可以用詐騙電子郵件盜取你的密碼——以及你的錢！

Phishing emails which claim to be from reputable financial organisations contain hidden software - designed to exploit a newly discovered flaw in Microsoft Word.

這些釣魚電子郵件會聲稱來自信譽良好的金融機構，但是卻隱藏有軟體--這種軟體利用的是微軟Word新發現的一個漏洞。

Documents opened with the word processing software may trick users into downloading code that allows cyber criminals to infect their computer and capture banking logins.

這種Word文件會欺騙使用者下載程式碼，而網路罪犯可以利用這些程式碼感染使用者的電腦，從而獲得銀行登入資訊。

Cyber security firm Proofpoint warned that the exploit was being used to spread the trojan software - called Dridex.

網路安全公司Proofpoint日前警告稱，該漏洞被用來傳播一種被稱為“Dridex”的木馬軟體。

Dridex has previously been used to steal online banking passwords globally, resulting in the theft of hundreds of millions of dollars worldwide.

Dridex曾經就被用於在全球盜竊網上銀行密碼，造成全世界範圍內數億美元失竊。

During an outbreak of the virus in 2015, the US was most heavily affected according to computer security firm Symantec.

據電腦安全公司賽門鐵克表示，在2015年該病毒肆虐期間，美國受災最嚴重。

This was followed by Japan and Germany, with significant numbers of infections also seen in the UK, Canada, Australia, and a number of other European countries.

其次是日本和德國，而英國、加拿大、澳大利亞和多個歐洲國家感染者也為數眾多。

The latest email campaign started in Australia, but experts are warning this could quickly spread to the rest of the world.

而此次通過電子郵件傳播病毒的事件起於澳大利亞，但是專家警告稱，很可能很快就會蔓延到世界其他地區。

The exploit targets a previously undiscovered flaw - known in security circles as a 'zero-day' vulnerability - in the software.

該漏洞針對的是Word之前一個未發現的缺陷——在安全界被稱為“零日”。

This allows hackers to insert malicious code into the body of a document - in this case fake RTF files (Rich Text Format) which are actually disguised HTML code.

黑客可以利用該漏洞，將惡意程式碼插入到一個文件中——這樣一來，RTF格式的檔案實際上是變相的HTML程式碼。