Office Documents May Be Vulnerable To Malware, Warns Microsoft


The Microsoft Malware Protection Center (MMPC) has warned Office users to be wary of macros in documents that arrive as email attachments or come from social engineering sites.

The MMPC has witnessed a steady increase in malware that relies on users enabling macros in recent months. Macros are code in Microsoft Office that allows automation of processes to improve productivity.

Two of the most active pieces of malware in this category are Adnel and Tarbir (a kind of Trojan downloader), both targeting US- and UK-based home users and enterprise customers.

“The combination of the instructional document, spam email with supposed monetary content, and a seemingly relevant file name, can be enough to convince an unsuspecting user to click the Enable Content button,” said the MMPC website report.

Subjects used in the spam emails:

  • ACH Transaction Report
  • DOC-file for report is ready
  • Invoice as requested
  • Invoice – P97291
  • Order – Y24383
  • Payment Details
  • Remittance Advice from Engineering Solutions Ltd
  • Your Automated Clearing House Transaction Has Been Put On


The email attachments in the Adnel and Tarbir campaigns use file names similar to those below:

  • 20140918_122519.doc
  • 813536MY.xls
  • ACH Transfer 0084.doc
  • Automated Clearing House transfer 4995.doc
  • BAC474047MZ.xls
  • BILLING DETAILS 4905.doc
  • CAR014 151239.doc
  • ID_2542Z.xls
  • Fuel bill.doc
  • ORDER DETAILS 9650.doc
  • Payment Advice 593016.doc
  • SHIPPING DETAILS 1181.doc
  • SHIP INVOICE 1677.doc
  • SHIPPING NO.doc
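A mail-gateway triage check built from the subject lines and attachment names listed above, as an added example that is not from the MMPC report or this article. The function names, the hold threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Subject lines from the article, lower-cased; matched as prefixes.
CAMPAIGN_SUBJECTS = (
    "ach transaction report",
    "doc-file for report is ready",
    "invoice as requested",
    "payment details",
    "remittance advice from",
    "your automated clearing house transaction",
)
# Subjects with a changing reference, e.g. "Invoice – P97291", "Order – Y24383".
NUMBERED_SUBJECT = re.compile(r"^(invoice|order)\s*[-\u2013]\s*[a-z]\d{5}$")
# Lure words taken from the listed attachment names (whole words only).
LURE_WORDS = re.compile(
    r"\b(ach|clearing house|billing|invoice|order|payment|shipping|fuel bill)\b")
LEGACY_OFFICE = (".doc", ".xls")  # extensions seen in the article's list
HOLD_THRESHOLD = 2                # assumption: two signals hold the message


def normalize(subject):
    """Strip reply/forward prefixes, collapse whitespace, lower-case."""
    s = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    return re.sub(r"\s+", " ", s).strip().lower()


def score_message(subject, attachments):
    """Return (score, reasons); one point per matching signal."""
    reasons = []
    s = normalize(subject)
    if NUMBERED_SUBJECT.match(s) or s.startswith(CAMPAIGN_SUBJECTS):
        reasons.append("subject matches campaign lure")
    for name in attachments:
        lower = name.lower()
        if lower.endswith(LEGACY_OFFICE):
            reasons.append("legacy Office attachment: " + name)
            if LURE_WORDS.search(lower):
                reasons.append("financial lure in file name: " + name)
    return len(reasons), reasons


# Constructed sample messages (subject, attachment names), not real mail.
SAMPLES = [
    ("RE: Invoice \u2013 P97291", ["BILLING DETAILS 4905.doc"]),
    ("Payment Details", ["20140918_122519.doc"]),
    ("Team lunch on Friday", ["menu.pdf"]),
]
if __name__ == "__main__":
    for subject, files in SAMPLES:
        score, why = score_message(subject, files)
        print("HOLD" if score >= HOLD_THRESHOLD else "pass", subject, why)
```

A held message still needs the document inspected for macros before release; the score only prioritises review.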

Microsoft Office’s default settings are set to “Disable all macros with notification.” Hence, the malicious emails prompt users to enable the macros manually. Once that is done, malware code infects the system.


William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]
