Did you get an email with attached word document file with the name CHRISTMAS OFFERS.docx? You should thank your stars for not receiving one and even if you did, for not opening it. This Christmas spammers have gone creative and found innovative ideas to infect your PCs. Taking advantage of the festive season, they are infecting computers all over the world by emailing a tempting word document file with the name CHRISTMAS OFFERS.docx. The malware is targeted at shoppers looking for the best deals this time of year.
It might be tempting to open the attachment to know more about the offers; however, those who opened the docx file found it blank. The CHRISTMAS OFFERS.docx requires users to enable macros. Microsoft Word supports the use of macros to allow the automation of frequently performed tasks. Vulnerability exists because an attacker can craft a malicious document that will bypass the macro security model. The malicious macro could add, change, delete data or files, communicate with a website, or format the hard disk. By default, macros are disabled. So those who fell prey to the temptation, clicked on the enable macros button, and got infected.
People with malicious intent could write Visual Basic for Applications code to create macros that can spread virus through e-mail attachments, disks, networks, modems, and the Internet and is extremely difficult to detect. They could then embed these macros in Office documents and distribute them online. The best way to avoid a macros virus is to run the OfficeMalScanner – a forensic tool to scan for malicious traces in a document.
If you trusted the CHRISTMAS OFFERS.docx and opened it, here’s what most probably would have happened: The enabled macros remotely downloaded a file from the URLhxxp://jasoncurtis.co.uk/js/bin.exe and then ran it from your temp folder. What you downloaded onto your PC was a banking Trojan known as Dridex recognized by Malwarebytes. Those who survived the spam email unharmed must have used Malwarebytes Anti-Exploit Premium that would have warned them of the danger of opening the infected file.
The fake Christmas offers by Santa consequently warn you that while you should be aware of emails that carry seemingly harmless Office documents, you should only run macros from sources you trust to avoid any mishap.