Microsoft Word Attack Bypasses Security

2018-02-16 by Max

We’ve said it before and we’ll say it again: Don’t open emails from senders that you don’t know. If you do, for some reason, open the email, then do NOT download any attachments. These attachments can contain dangerous malware and viruses that will take over your computer, steal your data, add you to a botnet or worse. If you’ve opened a suspicious email and downloaded the attachments, refrain from opening them. While you might not get a virus just by downloading them, “might not” becomes “definitely will” once you open them and allow them to run.

Microsoft Word documents are a classic attack vector, but they usually require the user to have macros enabled for them to do anything. Macros are miniature programs, so without them enabled an MS Word document is just text. With them enabled, it becomes a text document loaded with executables that can quickly overwhelm your computer’s security and move on to whatever Phase 2 of the attack is. This is why, when you download a document and open it in MS Word, it won’t let you do anything to it. You have to enable editing or save your own copy if you want to interact with a downloaded MS Word document; all of this is done in the name of safety. Since macros are a known attack vector, Microsoft makes an effort to keep security definitions up to date so that security software can deal with them.

A new attack doesn’t require macros to work, however; it relies on a known vulnerability. This vulnerability was patched by Microsoft last year, but if your device is behind on its updates then you may be vulnerable. This new wave of MS Word attacks is designed to steal credit card information, emails and other credentials from your browser.

According to Trustwave’s SpiderLabs, all of the reported emails so far have had the following subjects:

TNT STATEMENT OF ACCOUNT
Request for Quotation
Telex Transfer Notification
SWIFT COPY FOR BALANCE PAYMENT

and they’ve all had a Microsoft Word document titled: receipt.docx.

As long as you don’t open the document your computer is safe, but the moment you do, several things happen. The document reaches out to the internet and downloads a Rich Text File (RTF) that is actually an executable; the RTF takes advantage of the MS Word vulnerability, which creates PowerShell script code that installs the password-stealer malware. All of this happens rapidly, and is essentially unstoppable once you open the document. The attack relies on using document types that aren’t normally blocked by firewalls and standard security measures, which is what makes it so effective. The best defense is to leave strange emails unopened and report them to your IT department. If you don’t have an IT department to report them to, then report them as Spam to Google and block the sender. Whatever you do, DO NOT open strange emails. Your devices will thank you.
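For mail administrators, here is an added example (not from the original article or from Trustwave) of a triage check in Python that flags messages matching the subjects and attachment name listed above and lists any remote targets a .docx attachment declares. It assumes the remote fetch shows up as an OOXML relationship marked `TargetMode="External"`; the function names and the sample message are constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators quoted in the article (email subjects and attachment name).
SUBJECTS = {"tnt statement of account", "request for quotation",
            "telex transfer notification", "swift copy for balance payment"}
ATTACHMENT = "receipt.docx"
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"

def external_targets(docx_bytes):
    """Return every relationship target marked TargetMode="External" in a .docx."""
    found = []
    try:
        with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
            for name in z.namelist():
                if name.endswith(".rels"):
                    for rel in ET.fromstring(z.read(name)).iter(REL_NS + "Relationship"):
                        if rel.get("TargetMode") == "External":
                            found.append(rel.get("Target"))
    except (zipfile.BadZipFile, ET.ParseError):
        found.append("<unparseable package>")  # malformed file: flag it, do not skip it
    return found

def triage(raw_email):
    """Check one raw message against the article's indicators."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").lower().split())
    subject = re.sub(r"^((re|fw|fwd):\s*)+", "", subject)  # ignore reply/forward prefixes
    result = {"subject_match": subject in SUBJECTS, "name_match": False, "external": []}
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").strip().lower()
        if fname == ATTACHMENT:
            result["name_match"] = True
        if fname.endswith(".docx"):
            result["external"] += external_targets(part.get_payload(decode=True) or b"")
    return result

def build_sample():
    """Constructed message: harmless .docx skeleton with one external relationship."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="urn:example:constructed" '
            'Target="http://example.invalid/doc.rtf" TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    m = EmailMessage()
    m["Subject"] = "FW: Request for Quotation"
    m.set_content("constructed sample")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="Receipt.docx")
    return m.as_bytes()
```

When running this against real mail, swap `xml.etree.ElementTree` for `defusedxml.ElementTree`, since the XML inside an attachment is attacker-supplied.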

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.
