Office Documents May Be Vulnerable To Malware,Warns Microsoft

The Microsoft Malware Protection Center (MMPC) has warned Office users to be wary of any macros that come as an attachment in emails and social engineering sites.

The MMPC has witnessed a steady increase in enable-macros based malware in the recent months. Macros are codes in Microsoft Office that allow automation of processes to improve productivity.

▼Advertisement

Two of the most active malware of this category include Adnel and Tarbir (a kind of Trojan downloaders), both targeting the US- and UK-based home users and enterprise customers.

“The combination of the instructional document, spam email with supposed monetary content, and a seemingly relevant file name, can be enough to convince an unsuspecting user to click the Enable Content button,” said the MMPC website report.

Various subjects used in spam emails :

▼Advertisement

ACH Transaction Report

DOC-file for report is ready

Invoice as requested

Invoice – P97291

Order – Y24383

Payment Details

Remittance Advice from Engineering Solutions Ltd

Your Automated Clearing House Transaction Has Been Put On

The email attachments in the Adnel and Tarbir campaigns using the attachment file names similar to those below:

20140918_122519.doc

813536MY.xls

ACH Transfer 0084.doc

Automated Clearing House transfer 4995.doc

BAC474047MZ.xls

BILLING DETAILS 4905.doc

CAR014 151239.doc

ID_2542Z.xls

Fuel bill.doc

ORDER DETAILS 9650.doc

Payment Advice 593016.doc

SHIPPING DETAILS 1181.doc

SHIP INVOICE 1677.doc

SHIPPING NO.doc

Microsoft Office’s default settings are set to “Disable all macros with notification.” Hence, the malicious emails prompt users to enable the macros manually. Once that is done, malware code infects the system.

loading...