Abstract
Office documents (Microsoft Office and LibreOffice) has become a standard for transmitting information. They are used daily by many users. It should however be remembered that this type of documents are much more than inert files. They may contain an executable part who is called macro. Macros are present since the creation of these Office suites to automate some actions. It is possible to divert the initial use of macros to make it a true infection vector of systems. Since 2007 and the case of the attack on the German chancellery, the number of attacks via this type of documents continues to grow. The ability to access high-level programming languages and interact with the target system, greatly increases the risk of attacks. Changing the security of these Office suites is easy, leaving the door open for malicious attacks without the user noticing. In this paper, we present one tool that is a proof of concept. It is intended for the prevention of the user. It aims to give demonstrations of risks associated with Office documents. It is able to change the security of Office suites and infect documents directly with a macro. It also includes a USB mode of infection, to retrieve all documents from a USB stick and then infect all Office documents. It is possible with Minos, to control and modify the security of versions 2003, 2007 and 2010 of Microsoft Office and versions 3.4 and 3.5 of LibreOffice. Similarly it is possible to infect documents Word, Excel, Powerpoint of Microsoft Office and their counterparts in LibreOffice. If a file already contains macros, you can either delete the macro and replace it by your macro or include your macro next to the other macros. The data presented in this report are technical and operational. We have worked in environments with restricted rights showing that it is possible to make powerful attacks by infecting Office documents.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Dechaux, J., Filiol, E.: Microsoft office vs libreoffice: Security comparison regarding viral attacks (2011). http://conference.libreoffice.org/
Dechaux, J., Filiol, E., Fizaine, J.-P.: Office documents: new weapons of cyberwarfare (2010). http://archive.hack.lu/2010/Filiol-Office-Documents-New-Weapons-of-Cyberwarfare-paper.pdf
Dechaux, J., Filiol, E., Fizaine, J.-P.: Perverting emails; a new dimension in internet (in) security (2011). http://academic-conferences.org/eciw/eciw-home.htm
Dechaux, J., Fizaine, J.-P.: Returning the trust against the user (2010). http://www.esiea-recherche.eu/data/iawacs2010/slides/dechaux_fizaine_iawacs2010.pdf
Desnos, A.: Implementation of k-ary viruses in python. In: Hack.lu 2009 (2009). http://2010.hack.lu/archive/2009/kaires.pdf
ESIEA: Pwn2kill challenge. iAWACS 2010 (2010). http://www.esiea-recherche.eu/iawacs_2010_en.html
Filiol, E.: Formalisation and Implementation Aspects of K-ary (malicious) Codes. Springer, France (2007)
Filiol, E.: Les virus informatiques : théorie, pratique et applications, 2nd edn. Springer, France, ISBN: 978-2-287-98199-9 (2009)
Filiol, E., Fizaine, J.-P..: Openoffice v3.x security design weaknesses. In: Black Hat Europe 2009 (2009). http://www.blackhat.com/html/bh-europe-09/bh-eu-09-archives.html#Filiol
Mansfield, R.: Mastering VBA for Microsoft Office 2007. Wiley, New York, ISBN: 978-0470279595 (2008)
Nourdine: Cyber-attaque contre la france : les détails (2010). http://www.lemondenumerique.com/article-27046-cyber-attaque-contre-la-france-les-details.html
Spiegel Online: Merkel’s china visit marred by hacking allegations (2007). http://www.spiegel.de/international/world/0,1518,502169,00.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Dechaux, J. The Office Demon: Minos. J Comput Virol Hack Tech 9, 125–135 (2013). https://doi.org/10.1007/s11416-013-0180-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11416-013-0180-9