Thursday, December 16, 2010

Fake Office Documents, mind your attachments

Nowadays, it is very common to receive chain letters or jokes as Word (.doc) or PowerPoint (.ppt) attachments in emails. Since you usually receive these emails from known contacts and most people don't think twice about opening them, it has become common practice to disguise malicious software as these Word or PowerPoint files.

During last years H1N1 Flu outbreak there was a chain email going around with a file attachment by the name of "Novel H1N1 Flu Situation Update.exe", and the icon of the file makes it look like a Word Document. The executables contain backdoor functionality, including an elaborate keylogger (which is used to track and send off username, password, and credit card information).

This Malicious software actually opens a document file that causes the user to think he really opened a Word file. This is what the document looks like.

You must alway be cautious when opening any type of attachments even from people you may know since many of these Virus/Trojans will resend themselves using the infected computers address book. Remember, never to trust email attachments and run them through a Virus Scanner (make sure you virus definitions are up to date).

What if my computer is infected?

SecureList has a an article with basic information to try and stop the malicious software. The article also mentions the following:
However, no universal advice can be given for all occasions. Advanced worms and Trojans occur every now then that are quite difficult to track down. In this case, it is best to consult the support service of the IT security vendor that released your antivirus client, a company offering IT assistance services, or ask for help at specialized web forums
F-Secure offers an online scanning service to determine if your computer is infected.

Additional information:

This post is part of the translation series. This article is based on the article posted over at and is not translated word for word.

Published on: 2009/07/22
Author: jProgr

Thanks for another great article

No comments:

Post a Comment