A new type of Microsoft Word malware sent in bogus file attachments has been disclosed.  What is unusual about this exploit is that it does not need to be in macro-enabled documents.   In fact, the file is in the form of a RTF file saved as .DOC that downloads an executable file.

The good news is that the default Protected View should keep you safe.  These are the settings in the Trust Center in Word.  It’s always a good idea to keep all these boxes checked:

Office Trust Center Protected View

Protected View under Options > Trust Center. A good idea to keep all the boxes checked.

 

While this particular threat has been associated with Word documents, it theoretically could work with any Microsoft Office file.  Excel, PowerPoint, and even Outlook can potentially be exploited by similar attachments.

 

Here’s a few other things to keep in mind about ANY file attachments:

  • NEVER open unsolicited or suspicious attachments.  If you weren’t expecting it, check with the sender.
  • Odd file names are another sign of potential trouble.  Many departments have naming conventions and if not, the people you correspond with tend to name files in a similar manner.  For instance, if the files you receive usually have the name of a client in the filename, “Report UPDATED.doc” would be an example of a suspicious file.  Remember, this particular threat is in .DOC format, so the fact that it is not a .DOCX file is also a red flag.
  • Macros are convenient, but can contain potential threats.  Do not open macro-enabled files unless you know and understand what the macros are supposed to do.  Ask the sender if you’re not sure.
  • If you just need to view a document, it’s a good idea not to click on “Enable Content” at the top.
  • Make sure Office is set to update automatically.
  • Keep all the default Trust Center settings for macros, VBA, and ActiveX.
  • Make sure your anti-malware software is updated.
  • Confirm that your anti-malware software scans downloads and mail attachments.  You may want to also download attachments first, then scan them before opening.

Microsoft Office is a great productivity tool.  But as with any software application, we must always be on the alert for malicious files!

Mac users:  Think you’re immune to Office malware?  Think again:

Microsoft Office macro malware targets Macs:
https://blog.malwarebytes.com/cybercrime/2017/02/microsoft-office-macro-malware-targets-macs/

 

Read more here the new exploit here:

Booby-trapped Word documents in the wild exploit critical Microsoft 0day

https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

 

 

 

 

 

Online Threat: Word Exploit