Office ‘Documents’ Loaded with Malware

Wednesday, January 28, 2015 @ 03:01 PM gHale

There is a new spam campaign looking to trick anti-spam filters in order to allow spam to pass freely into mailboxes, researchers said.

The campaign is all the more successful because a “clean” Microsoft document is attached to the spam emails, said researchers at Bitdefender.


“For a few days, cybercriminals have been sending targeted emails to management departments. The emails look like a tax return, a remittance or some kind of bill from a bank and carry a Microsoft Word or Excel attachment,” said Catalin Cosoi, chief security strategist at Bitdefender. “If you’ve recently received an odd tax return or a similar request via email, you may not want to open the file.”

The email sails through anti-spam filters because the file itself is clean. The trap lies in the use of macros within the document. Those lines of code, used in Microsoft Office, generally serve to create formulas or conduct a repetitive task, but they can also interact with the whole Windows environment and have an impact on an entire system.

The code in these documents instructs the victim’s computer to download a piece of malware from a remote server, which then executes automatically. The macro code is disguised to bypass traditional antivirus software.

“The malware on the remote server is either a ransomware or an industrial espionage tool,” Cosoi said. “Both are as dangerous as they look: The effect of the ransomware is immediate as it can encrypt a company’s important files and ask for a ransom. The espionage tool can be even more vicious, depending on what kind of files it can access.”
