{"id":84,"date":"2019-04-06T19:33:14","date_gmt":"2019-04-06T19:33:14","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=84"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"\"New-Secure-Document\";-Macro-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=84","title":{"rendered":"&#8220;New Secure Document&#8221;; Macro Malware Email"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\n&#8220;Confidential&#8221; email claims that you have received a new secure document and should open a Microsoft Word attachment to read it. The message notes that, because the document is encrypted, you will need to use the &#8220;enable editing&#8221; option to decode it.<br \/>\n<span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe Microsoft Word attachment does not contain any sort of confidential document and the email is fraudulent. When you attempt to open the attachment, you will be prompted to enable macros, ostensibly so that the document&#8217;s contents can be decrypted. If you do enable macros, a malicious macro can then install malware on your computer.<\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: You have received a new secure document<\/strong><\/p>\n<p>You have received a new secure document.Please check attached document ( Microsoft Word Document ) for more information. The document has been encrypted and is currently protected. 
In order to unlock the document content please decode the document using &#8220;Enable Editing&#8221;.<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3331\" data-permalink=\"https:\/\/www.hoax-slayer.net\/new-secure-document-macro-malware-email\/new-secure-document-macro-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1.jpg\" data-orig-size=\"800,888\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"new-secure-document-macro-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1-270x300.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1.jpg\" class=\"aligncenter size-full wp-image-3331\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1.jpg\" alt=\"New Secure Document Macro Malware\" width=\"800\" height=\"888\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1-270x300.jpg 270w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1-768x852.jpg 768w, 
https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/11\/new-secure-document-macro-malware-1-180x200.jpg 180w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/div>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to this email, which is labelled &#8220;confidential&#8221;, you have received a new secure document. The email urges you to open a Microsoft Word attachment to read the document, which is named &#8220;confidential.doc&#8221;. The message claims that, since the document has been encrypted, you will need to decode it using the &#8220;enable editing&#8221; option. The email is professionally presented, and at least at first glance, may appear to be a legitimate document notification.<\/p>\n<p>However, the email is not a legitimate notification and the attachment does not contain any sort of confidential document. When you attempt to open the attachment, you will be prompted to click an &#8220;enable macros&#8221; button, ostensibly so that the document&#8217;s contents can be decrypted.<\/p>\n<p>But, instead of decoding a document as claimed, the macro will connect to a remote server and download and install malware. The exact nature of this malware may vary. The malicious macro tactic is often used to infect computers with ransomware. Once installed, ransomware can lock the files on your computer and then demand that you pay a fee to online criminals to obtain a decryption key. 
In other cases, the malware that the macro installs may be designed to steal sensitive information such as banking login credentials from the infected computer.<\/p>\n<p>Unless you have had a need to use them, you may not be familiar with macros and what they can do. So, here&#8217;s a quick breakdown. A macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task. For example, you might record a macro that is designed to add pre-formatted text, tables, data, and other elements to your documents at just the click of a button.<\/p>\n<div class=\"indentPara\">\n<p>Quite complex macros can be created and such macros can be very helpful in some workflows.<\/p>\n<p>But malicious macros can also be created and distributed. In the past, macro viruses were common computer security threats. But, in later years, they became a less significant threat due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.<\/p>\n<p>However, criminals have apparently realised that many computer users will have forgotten about or have no knowledge of macro threats. Thus, <a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">malicious macros are again being used<\/a> to spread malware. An <a title=\"VBA is not dead!\" href=\"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2014\/07\/vb201407-VBA\">article about the resurgence<\/a> on Virus Bulletin notes:<\/p>\n<p><em>In the past five years, macro malware could be considered practically extinct \u2013 thanks mostly to the security improvements introduced into Microsoft Office products. 
However, in recent months, a resurgence of malicious VBA macros has been observed \u2013 this time, not self-replicating viruses, but simple downloader trojan codes.<\/em><\/p>\n<p>In modern incarnations of the threat, criminals do not try to subvert inbuilt security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals know that at least some recipients may proceed without due caution in the hope of finally viewing the promised document content.<\/p>\n<\/div>\n<div class=\"indentPara\">Unless you have a good working knowledge of macros and the possible security risks that they pose, you are best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with ordinary Microsoft Office documents.<\/div>\n<p class=\"date\">Last updated: November 19, 2016<br \/>\nFirst published: November 19, 2016<br \/>\nBy Brett M. 
Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">Macro Virus Threat Returns &#8211; Beware Emails With Malicious Word Attachments<\/a><br \/>\n<a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">Loads Of Macro Malware &#8216;Invoice&#8217; Emails Hitting Inboxes<\/a><br \/>\n<a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">Remember macro viruses? Infected Word and Excel files? They&#8217;re back&#8230;<\/a><br \/>\n<a title=\"VBA is not dead!\" href=\"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2014\/07\/vb201407-VBA\">VBA is not dead!<\/a><\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/new-secure-document-macro-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/new-secure-document-macro-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: &#8220;Confidential&#8221; email claims that you have received a new secure document and should open a Microsoft Word attachment to read it. 
\u00a0The message notes that, because the document is encrypted, you will need to \u00a0use the &#8220;enable editing&#8221; option to decode it. Brief Analysis: The Microsoft Word attachment does not contain any sort of [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-84","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/84"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=84"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/84\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=84"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=84"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=84"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}