When you think of viruses coming through your email, you can bet that any message with an executable (.exe) attachment is sure to contain malware. A macro virus, however, will not be as noticeable.
This recent run of emails contains what is known as a macro virus. Macros are an integral part of Word documents and are designed to automate repetitive tasks. They can be abused, however, and in this case the virus writers have written a little "downloader" which downloads the real virus from a remote website. The macro is designed to be executed whenever you open the document in Microsoft Word.
The scammers are aware that most installations of Microsoft Word have the default settings set to not open macros, and they attempt to circumvent these default settings by enticing the end user to enable macros using instructions as depicted below:
By enabling macro content, you will then allow the virus to run.
Macro viruses can sometimes be missed by typical security software as the script itself can be easily obfuscated. Unfortunately, if you have scripted content enabled by default, it might take a while before your virus defences catch up and detect the threat.
You will not know if this file type (.doc) contains a macro until you click on it. Best practice is to always be wary when opening any attachments in an email that are coming from an unknown sender. If in doubt, delete the email and the attachment straight away, especially if it asks you to alter your security settings in any way!
IT administrators can alleviate the threat by ensuring macros are disabled, and educating users not to enable them. User education is an integral part of virus defence, as cyber criminals prey on uninformed users.
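For administrators triaging attachments at the mail gateway or on an analysis workstation, a legacy .doc can be checked for a macro project without opening it in Word. The following is an added example, not code from this post or from MailGuard: it walks the directory of the OLE2 compound file and looks for the `_VBA_PROJECT` stream. The function names are hypothetical, the two sample files are constructed in the code, and only FAT sectors listed in the file header are read, which covers documents up to roughly 7 MB.

```python
import struct

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
MAXREGSECT, FATSECT, ENDOFCHAIN, FREESECT = 0xFFFFFFFA, 0xFFFFFFFD, 0xFFFFFFFE, 0xFFFFFFFF

def ole_entry_names(data):
    """List directory entry names of an OLE2 compound file (legacy .doc) without opening it in Word."""
    if len(data) < 512 or data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 0x1E)[0]       # sector size from sector shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]    # sector 0 follows the header
    u32s = lambda b: [v for (v,) in struct.iter_unpack("<I", b[:len(b) & ~3])]
    fat = []
    for s in struct.unpack_from("<109I", data, 0x4C):         # FAT sector list kept in the header
        if s <= MAXREGSECT:
            fat += u32s(sector(s))
    names, seen = [], set()
    cur = struct.unpack_from("<I", data, 0x30)[0]             # first directory sector
    while cur < len(fat) and cur not in seen:                 # follow the chain, refuse loops
        seen.add(cur)
        sec = sector(cur)
        for off in range(0, len(sec) - 127, 128):             # 128-byte directory entries
            name_len, kind = struct.unpack_from("<HB", sec, off + 0x40)
            if kind in (1, 2, 5) and 2 <= name_len <= 64:     # storage, stream, root
                names.append(sec[off:off + name_len - 2].decode("utf-16-le", "replace"))
        cur = fat[cur]
    return names

def has_vba_macros(data):
    """True when the file carries a VBA project (the _VBA_PROJECT stream under the VBA storage)."""
    return "_VBA_PROJECT" in {n.upper() for n in ole_entry_names(data)}

def build_sample(entries):
    """Constructed test input: 512-byte header, FAT in sector 0, one directory sector (root + up to 3)."""
    hdr = bytearray(512)
    hdr[:8] = OLE_MAGIC
    struct.pack_into("<H", hdr, 0x1E, 9)                      # 2**9 = 512-byte sectors
    struct.pack_into("<I", hdr, 0x30, 1)                      # directory lives in sector 1
    struct.pack_into("<109I", hdr, 0x4C, 0, *([FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))
    directory = b""
    for name, kind in [("Root Entry", 5)] + entries:
        raw = (name + "\0").encode("utf-16-le")
        directory += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), kind).ljust(64, b"\0")
    return bytes(hdr) + fat + directory.ljust(512, b"\0")

WITH_MACRO = build_sample([("Macros", 1), ("VBA", 1), ("_VBA_PROJECT", 2)])
NO_MACRO = build_sample([("WordDocument", 2), ("1Table", 2)])
```

A `ValueError` means the attachment is not a legacy Word document at all, which is itself worth flagging when the file name ends in .doc.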
For more tips on identifying viruses and malware, take a look at our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.