Malicious Emails - Word Attachments

We wrote recently about some very targeted malicious emails that appear to be becoming more prevalent of late. However not all email scams need to be so personalised to be effective. To further drive home the need for good email security practices we'd also like to discuss another common type of malicious email, specifically the attached Word document kind. The tactic these particular scammers use is to send you an email with a Word document attached. The email can be worded in many different ways but all with the same intention, to get you to believe the Word document attached is important and should be opened post haste. The purpose of the Word document is usually to run a malicious macro. Macros are essentially embedded code in Office documents, written in a programming language known as Visual Basic for Applications (VBA). Macros can be useful, if you're looking to automate a task in an Office document they are great time savers. If you have created them yourself or obtained them from a source you know and trust then you can use them in confidence. Unknown macros however could be hiding almost anything in their code. Using the code in a Word document macro the scammers can attempt to do all sorts of nefarious things on your computer. A recent example, quite common in the UK, makes changes that redirect certain banks websites to dummy sites that then attempt to pry your online banking details from you! Because of the potential misuse of macros Microsoft has implemented security features in the more recent versions of Office that make it very clear that the document contains a macro. Users should be informed that these notifications should be heeded and macros should not be enabled unless they are certain of the source of the document. Better still, email attachments from unknown or suspect sources should not be opened at all. Email filtering and anti-malware software is a necessity for businesses today however as we mentioned in our previous blog post it will never be 100% perfect. Educating users about the dangers of malicious emails, how to spot them and what to do when they come across them is a vital part of your defence.  
2012 RDS - Where is the user logged on from?