“‘Clean’ Microsoft Office documents deliver cyber threat” warns Bitdefender

Bitdefender, the anti-virus solutions specialist, is warning Microsoft Office users about the emergence of a new spam campaign that aims to trick anti-spam filters into letting spam pass freely into mailboxes. The campaign is more likely to succeed because the spam e-mails carry what appears to be a ‘clean’ Microsoft document as an attachment.

“For a few days, cyber criminals have been sending targeted e-mails to management departments,” explained Catalin Cosoi, chief security strategist at Bitdefender. “The e-mails look like a tax return, a remittance or some kind of bill from a bank and carry a Microsoft Word or Excel attachment. If you’ve recently received an odd tax return or a similar request via e-mail then you may not want to open the file.”

The e-mail isn’t stopped by anti-spam filters because the file itself is clean. The trap lies in the use of macros within the document. Macros, the lines of code supported by Microsoft Office, are generally used to create formulas or automate a repetitive task, but they can also interact with the whole Windows environment and have an impact on an entire system.

A new cyber campaign is designed to trick anti-spam filters such that they allow spam communications to access mailboxes

The code in these ‘clean’ documents is a command instructing the victim’s computer to download a piece of malware from a remote server, which then executes automatically. The macro code is disguised to bypass traditional anti-virus products.

Cosoi continued: “The malware on the remote server is either a ransomware or an industrial espionage tool. Both are as dangerous as they look. The effect of the ransomware is immediate as it can encrypt a company’s important files and ask for a ransom. The espionage tool can be even more vicious depending on what kind of files it’s able to access.”

In order to prevent the threat, a company’s network needs security from end to end. There cannot be any reliance on a single defence.

Bitdefender recommends using an anti-virus solution that proactively protects against threats in order to block the danger before it even has the opportunity to send a command – in this case, to prevent the macro from downloading the malware.
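As an added illustration (not code from Bitdefender or the original article), the Python sketch below shows one extra layer a mail gateway could apply: flag any Office attachment that carries a VBA macro project, regardless of its file extension or anti-virus verdict. The function names, the quarantine policy and the sample files are assumptions constructed for this example, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx/.docm/.xlsx/.xlsm
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def inspect(data: bytes) -> str:
    """Classify attachment bytes as 'macro', 'no-macro', 'malformed' or 'not-office'."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "malformed"
        # OOXML documents keep their VBA project in a part named vbaProject.bin.
        return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "no-macro"
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA stream name in the compound-file directory.
        return "macro" if VBA_STREAM in data else "no-macro"
    return "not-office"

def triage(data: bytes) -> str:
    """Assumed gateway policy: hold anything with macros or a broken container."""
    return "quarantine" if inspect(data) in ("macro", "malformed") else "deliver"

def make_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: minimal OOXML-shaped zip, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

# Constructed sample: OLE header, padding, then a VBA stream name.
LEGACY_SAMPLE = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM

if __name__ == "__main__":
    samples = {
        "report.docx (no macro)": make_ooxml(False),
        "invoice.docx (macro inside, misleading extension)": make_ooxml(True),
        "remittance.xls (legacy, macro)": LEGACY_SAMPLE,
    }
    for name, data in samples.items():
        print(f"{name}: {inspect(data)} -> {triage(data)}")
```

A production gateway would pair a check like this with a full document parser and with Office policy that blocks macros in files received from the internet.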

Filed under Risk UK News
