Microsoft Discovers Malware in Word Files! Here’s What You Need to Know

By on Sep 06, 2016

Microsoft Word is omnipresent. Students use it for their academic careers and office workers, well, office workers pretty much live in Word files. However, the program’s ubiquity is a useful tool for cybercriminals, who have for a long time infected Word files with malware.

It’s an old standby that’s constantly updated to stick with the times. In its latest iteration, cybercriminals have used a longstanding Word feature, called Macros, to slip malicious code into documents.

It’s a sneaky method. While it’s one thing to ask people to download an unrecognized file, such as .RAW or .exe in an email, it’s another thing to embed malware within trusted Microsoft Word documents, which this attack does.

In the latest Macro attack, hidden lines of code can route your computer’s web traffic through a proxy server — allowing cybercriminals to intercept traffic. Although this attack isn’t widespread, it is powerful. Crooks can steal usernames and passwords with ease, by being a “man-in-the-middle” between a computer and the internet.

But in order for this man-in-the-middle attack to take place, someone has to open an infected file. To do this, cybercriminals use social engineering — techniques where cybercriminals impersonate someone else for the purpose of infecting a computer or stealing sensitive information. Usually, this comes in the form of messages from both trustworthy entities or complete strangers asking you to look at a simple Word file.

Cybercriminals are getting creative. This Microsoft Word hack may be old, but it demonstrates how actors can recycle old methods into new concepts. Still, the discerning consumer can protect themselves.

With that in mind, here are three safety steps everyone should know:

Check for email senders’ authenticity. To bait people into opening files, cybercriminals use official logos and email addresses that look similar to a real company’s. However, don’t be fooled. Make sure the sender address is from the real website. And if you’re not expecting to receive a file, do a quick search or contact the company first.

  • Think twice when permission requests appear. Although cybercriminals may hide malware within tweaked files, your computer will often ask for permission before running customizations. If you see these pop-up boxes appear, double-check before accepting. In general, if you’re unsure, it’s better to err on the side of caution.
  • Modify your registry settings. This preventative step requires someone tech-savvy. But for those ready for a challenge, Microsoft has published a blog with instructions for protecting Word.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee on Twitter, and ‘Like’ us on Facebook.

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs