Attackers are targeting Australians with malicious Word attachments

Bas van Nunen November 11, 2015 Security

The Sentrian Service Desk always promotes vigilance when it comes to downloading attachments or following web links, particularly in unknown or unsolicited emails. This week we're asking all our clients to pay particular attention to this warning, following a dramatic increase in the number of malware attacks delivered through macros in Microsoft Office with the aim of stealing banking credentials and personal information.

What you need to know

A new exploit is making the rounds, disguised within Word attachments sent via email. Unsuspecting users who open the Word document and enable editing allow the malicious software to create a pathway for attackers to exploit the computer.

We've encountered a significant number of attacks known as Dridex malware, in which attackers monitor and attempt to steal sensitive information like login and bank account details from your computer. New variations of the infamous Cryptolocker malware may also hold your data for ransom by encrypting it, rapidly grinding business to a standstill.

Malicious emails are usually unsolicited

Not expecting an order for $33,328? Do not open the attachment.

Don't be fooled by official looking emails with emotional triggers.

Some scams look official and are designed to pull the emotional triggers that will get you to respond.

Malware won't always be caught in spam filters.

An example of an email containing a variant of the Dridex trojan trapped in spam filtering.

What you need to do

  • Be aware of every attachment you open from emails. Opening attachments may happen so frequently in your office that a second thought isn’t given to opening the next. Look for specific and relevant information in the email, more than just, “I heard a position was available at your company, here is my CV,” for example.
  • Do not enable editing of downloaded Word or Excel files. Newer versions of Office have editing switched off by default, and it should stay this way. If the document is difficult to understand or read without editing enabled, this may be a trick to get you to enable it. Of course, this is a secondary precaution; the malicious attachment should ideally not be opened at all.

Why it is important

If the macro is enabled and the exploit is installed, it is too late to stop it. Only recovery actions are available.

If the exploit encrypts your data, it cannot be recovered without a backup. Even this is not ideal: it may take up valuable hours restoring the infected files, depending on the size of the attack.

How it works

  1. The email containing the malicious Word file is rendered using a pre-configured template. Elements, like the salutation and opening sentence, are randomly generated to avoid security scans. The Word document will look like any other .doc file.
  2. The exploitative code is hidden within a macro inside the document file. This is an older, more traditional way for scammers to install malicious software on unsuspecting users’ machines. Recent versions of Microsoft Word disable macros by default for Word documents downloaded from the internet. However, if you click ‘Enable Editing’ between the Ribbon and the document itself, the macro will be enabled and the malicious software will be installed.
  3. Once the Macro exploit is active, the attacker is able to manipulate your computer as long as it remains undetected and unpatched.
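
One way a service desk or mail gateway could triage attachments for the macro carrier described in the steps above, as an added example that is not part of the original article. The function names, return labels and sample bytes are assumptions constructed here, and the check for legacy .doc files is a byte-level heuristic rather than a full parser.

```python
import io
import zipfile
import zlib

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.docm/.xlsm) container
# Compound-file directories store storage and stream names as UTF-16LE text.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaproject"  # compared lowercased
MAX_TYPES_SIZE = 1_000_000  # assumed cap so an oversized part is not unpacked


def triage_attachment(data: bytes) -> str:
    """Return 'macro', 'office-no-macro', 'not-office' or 'unreadable'."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a VBA project leaves this stream name in the directory.
        return "macro" if OLE_VBA_MARKER in data else "office-no-macro"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"  # an ordinary zip archive
            if zf.getinfo("[Content_Types].xml").file_size > MAX_TYPES_SIZE:
                return "unreadable"
            types = zf.read("[Content_Types].xml").lower()
    except (zipfile.BadZipFile, zlib.error):
        return "unreadable"  # truncated or malformed: quarantine, do not pass
    # A macro part is usually named vbaProject.bin; the declared content type
    # still gives it away if the part has been renamed.
    named = any(n.lower().endswith("vbaproject.bin") for n in names)
    return "macro" if named or VBA_CONTENT_TYPE in types else "office-no-macro"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    override = ('<Override PartName="/word/vbaProject.bin" '
                'ContentType="application/vnd.ms-office.vbaProject"/>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        body = override if with_macro else ""
        zf.writestr("[Content_Types].xml", f"<Types>{body}</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()
```

A "macro" or "unreadable" result is a reason to hold the attachment for review; it does not by itself mean the macro is malicious.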

If you suspect your computer may have been attacked or compromised, contact support immediately.
