Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Malware Delivered via Microsoft Word Without Macros

November 13, 2017

It is common practice to deliver malware via Word by using macros to execute code. As a result, macros are not enabled by default in Microsoft Office. Hopefully, readers know that enabling macros can be a very bad thing. I would even suggest staying away from any utilities or programs that require the use of macros.

In an age of ever-changing attack methods, a hacker group has figured out a way to infect users without using macros. Trend Micro reported that Fancy Bear (a Russian-supported hacking group) is distributing a Word document titled IsisAttackInNewYork.docx that abuses a feature known as Dynamic Data Exchange (DDE). Basically, DDE allows a file to execute code stored in another file. DDE can be a good feature for making sure that data is always up to date, but it should be approached cautiously. In other words, be suspicious of any document with a warning that the document contains links that refer to another file. Don't enable macros and don't agree to update documents with data from other files.
