A friend of mine forwarded me an email that he had identified as a scam. It contained a brief message and a word document attachment, lets take a closer look;
From: “Jerry Donovan” <Kristina.firstname.lastname@example.org>
Date: 16 Mar 2015 14:38
Subject: Outstanding invoices – 563339 January
To: “chris” <email@example.com>
Kindly find attached our reminder and copy of the relevant invoices.
Looking forward to receive your prompt payment and thank you in advance.
So receiving some email about an outstanding invoice isn’t anything out the ordinary, it’s all spelled correctly and ‘Jerry Donovan’ sounds trustworthy, right?
Hmm – the first thing I noticed was the email address. Surely a legitimate email would be firstname.lastname@example.org? This guys seems to be Kristina.email@example.com? Thats not very professional?
I also opened the attached file, if gmail allowed it to arrive in my inbox then it didn’t contain a virus.
It was a blank word document with some macros (which are like mini programs) embedded into it, they were supposed to run when I opened the file. I tried to edit the macros to see what they did but it was all passworded, tried to crack the password but it didnt work first time and i’m far too busy to sit doing that all night 🙂
My version of Word completely disabled the macros as it opened the file so no harm done. Older versions of Word may not do this, or if you open it in something else you may find you have problems.
The whole point of this is to make you think “Wait, what invoice?” then see its only a harmless word document so you open the file and boom, whatever the macro ‘virus’ was designed to do has just been done.
It could probably trigger a file download from somewhere, or reset/steal/wipe certain information from your computer. Yes, even Word documents can be dangerous.
Macro viruses are fairly uncommon now, they were big back in the day but things have moved on a lot now. I guess people have forgotten about them as “Its only a word document!?”… Yeah well a simple Word doc infected 20% of computers worldwide back in 1999.
You’ll never look at a .doc file the same again 🙂
Thanks for the submission, Chris!
If you receive something that looks dodgy, the please forward it to firstname.lastname@example.org or use the form i’ve set-up and i’ll check it out for you 🙂