Bitdefender, the anti-virus solutions specialist, is warning Microsoft Office users about the emergence of a new spam campaign that’s looking to trick anti-spam filters in order to allow spam to pass freely into mailboxes. The campaign is more likely to succeed because each spam e-mail carries what appears to be a ‘clean’ Microsoft document as an attachment.
“For a few days, cyber criminals have been sending targeted e-mails to management departments,” explained Catalin Cosoi, chief security strategist at Bitdefender. “The e-mails look like a tax return, a remittance or some kind of bill from a bank and carry a Microsoft Word or Excel attachment. If you’ve recently received an odd tax return or a similar request via e-mail then you may not want to open the file.”
The e-mail isn’t stopped by anti-spam filters because the file itself is clean. The trap lies in the use of macros within the document. Macros, lines of code embedded in Microsoft Office documents, are generally used to create formulas or automate a repetitive task, but they can also interact with the whole Windows environment and have an impact on an entire system.
The code in these ‘clean’ documents instructs the victim’s computer to download a piece of malware from a remote server, which then executes automatically. The macro code is disguised to bypass traditional anti-virus products.
Cosoi continued: “The malware on the remote server is either a ransomware or an industrial espionage tool. Both are as dangerous as they look. The effect of the ransomware is immediate as it can encrypt a company’s important files and ask for a ransom. The espionage tool can be even more vicious depending on what kind of files it’s able to access.”
In order to prevent the threat, a company’s network needs security from end to end. There cannot be any reliance on a single defence.
Bitdefender recommends using an anti-virus solution that proactively protects against threats in order to block the danger before it even has the opportunity to send a command – in this case, to prevent the macro from downloading the malware.
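As one additional layer alongside endpoint protection, a mail gateway or triage script can flag Office attachments that carry a macro project at all, whatever the file is named. The following is an added example, not Bitdefender's code; the function names and sample attachments are constructed for illustration, and the legacy OLE check is a byte-level heuristic rather than a full container parse.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
# Stream name every VBA project carries inside an OLE container (UTF-16LE).
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro' or 'not-office' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: the marker in the directory means a VBA project exists.
        return "macro" if OLE_VBA_MARKER in data else "no-macro"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"          # a ZIP, but not an OOXML package
        # OOXML keeps macros in a part named vbaProject.bin, regardless of
        # the extension the attachment was given.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macro"
        return "no-macro"
    return "not-office"

def build_ooxml(parts):
    """Build a constructed OOXML-like package in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for name in parts:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()

# Constructed samples: none of these contain real macro code.
SAMPLES = {
    "invoice.docx": build_ooxml(["word/document.xml"]),
    "remittance.docx": build_ooxml(["word/document.xml", "word/vbaProject.bin"]),
    "tax_return.xls": OLE_MAGIC + b"\x00" * 64 + OLE_VBA_MARKER,
    "notes.txt": b"plain text",
}

def triage(samples):
    """Map each attachment name to its classification."""
    return {name: classify_attachment(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A 'macro' verdict says only that the document can run code, not that it is malicious, so it is best used to quarantine or route the message for closer inspection.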