
Malware-ridden Word docs lead to Microsoft alert blurt


Batu69


MICROSOFT HAS taken the trouble to warn Windows users about an attack that takes what trust people have left in the software and throws it out of the window.

The firm explained that the problem involves macros and the use of social engineering. People are tricked into downloading and then enabling malicious content that ultimately leads to trouble when they innocently use Word.

 

"Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the firm in a Microsoft TechNet blog post, suggesting that this is a cheap shot by hackers.

 

"Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. We recently came across a threat that uses the same social engineering trick but delivers a different payload."

 

Microsoft explained that the payload's primary purpose is to change a user's browser Proxy Server setting, which could result in the theft of authentication credentials or other sensitive information.

 

"We detect this JScript malware as Trojan:JS/Certor.A. What's not unique is that the malware gets into the victim's computer when the victim clicks the email attachment from a spam campaign," the post said.

 

Microsoft added that people really ought not to click on links from people or outfits that they do not know or trust. This is good, if perhaps hoary and often ignored, advice.

"To avoid attacks like we have just detailed, it is recommended that you only open and interact with messages from senders and websites that you recognise and trust," explained the firm.

 

"For added defence-in-depth, you can reduce the risk from this threat by following [our] guidance to adjust the registry settings to help prevent OLE Embedded Objects executing altogether or running without your explicit permission."

 

Just don't click untrusted links, people.

 

Article source
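
A read-only audit of the two things the article mentions, the per-user proxy setting and the registry setting that stops OLE embedded objects from executing, as an added example that is not part of the original post or of Microsoft's guidance. The article names neither key: the `Internet Settings` path and the `PackagerPrompt` value (with its 0/1/2 meanings) are assumed here to be the settings the quoted text refers to, and the Office versions and applications checked are an illustrative selection.

```powershell
# Added example (not from the article): read-only audit for the current user.

function Get-ProxyAudit {
    # WinINET per-user proxy settings, used by the browser and many other apps.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $manual = [bool]$s.ProxyEnable -and [bool]$s.ProxyServer
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        AutoConfigURL = $s.AutoConfigURL
        # A proxy or PAC URL your organisation did not deploy needs investigating.
        NeedsReview   = $manual -or [bool]$s.AutoConfigURL
    }
}

function Get-PackagerPromptAudit {
    # Assumed meanings of PackagerPrompt (not stated on the page).
    $meaning = @{
        0 = 'object executes, no Office prompt'
        1 = 'Office prompts, then object executes'
        2 = 'object does not execute'
    }
    foreach ($ver in '12.0', '14.0', '15.0', '16.0') {
        foreach ($app in 'Word', 'Excel', 'PowerPoint') {
            $officeKey = "HKCU:\Software\Microsoft\Office\$ver\$app"
            if (-not (Test-Path $officeKey)) { continue }   # app/version not present
            $sec = Get-ItemProperty -Path "$officeKey\Security" -ErrorAction SilentlyContinue
            $val = $sec.PackagerPrompt
            [pscustomobject]@{
                Version        = $ver
                App            = $app
                PackagerPrompt = if ($null -eq $val) { 'not set' } else { $val }
                Effect         = if ($null -eq $val) { 'Office default applies' }
                                 else { $meaning[[int]$val] }
            }
        }
    }
}

Get-ProxyAudit | Format-List
Get-PackagerPromptAudit | Format-Table -AutoSize

# To apply the hardening for one application (here Word 16.0), set the value to 2:
# New-ItemProperty -Path 'HKCU:\Software\Microsoft\Office\16.0\Word\Security' `
#     -Name PackagerPrompt -PropertyType DWord -Value 2 -Force
```

Run it in the affected user's session, since both keys live under `HKCU`; a Group Policy deployment of the same value is the usual route across a fleet.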


Or you can use Libre Office.

And as for saying "don't click untrusted links", there are a lot of businesses out there that have to be able to read simple documents from potentially unknown people; think of the people who have CVs submitted to them via email and the like.

Microsoft are utterly stupid when it comes to security. Why allow anything to execute from a document unless you have written it yourself?



Or you can enforce security on your network by removing any attachments that come on emails from outside of your network, which is what most large organizations do today. We provide an FTP server so if someone needs to upload a document, picture, or anything else, they can upload it to the server where it is scanned and accessed in a sandbox before the intended recipient is allowed to access it. We have been doing this for several years.
