Hello, welcome to the Monday, December 18th, 2017 edition of the Science Internet Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Washington, D.C.

Microsoft Office macros have long been stable when it comes to malicious code that users are receiving.

Now, Xavier came across an interesting new technique. to malicious code that users are receiving.

Now, Xavier came across an interesting new technique being used by malicious documents in order to obfuscate the nature of these macros.

Macros or Microsoft documents are coming with metadata describing the document.

In this particular case, the content status property was used to actually store a string

that's then later referenced within the macro in order to assemble the URLs from which

the malicious content is being loaded.

So the intent here is to full a cursory inspection of the macro that only considers the macro code itself and not the entire document.

In this case you wouldn't actually see this document property and as a result wouldn't be able to actually extract the URL that's then being used in the second stage.

Last week, an ISP in Russia announced routes for 80 net blocks that were actually owned by big internet players like Apple, Google,

Facebook and Microsoft.

This attack took advantage of insecurities in the BGP protocol, and essentially what happened

here is that this ISP did make fairly specific announcements for slash 24 networks that were more

specific announcements than the ones that were made by these respective companies.

Sadly, these attacks are still possible.

There are some workaround, some extensions to the BGP protocol that should have prevented these

attacks, but these extensions haven't really been widely implemented yet.

Attacks like this are actually somewhat calm and often affecting financial institutions.

Now, what was a little bit different here was the large number of net blocks being

announced and also the large number of companies being affected. Not really clear why they were doing

...