Unfortunately, malware creators also know these malware evasion secrets, and they are learning to hide their malicious code in places you least expect. They are sneaking bots onto your network through insecure Internet of Things (IoT) devices; they are hiding code in your favorite mobile apps. Most recently — and unbeknownst to nearly everyone — cybercriminals have started packaging their malware into oh-so-familiar documents.

Why Documents?

As long as there have been computers, there has been malware. Initially, malware was spread through floppy disks and network holes; then, as the internet became established, cybercriminals learned to send malware through email and websites as executable files that users unsuspectingly installed. Fortunately, this method of transmission was easy enough to thwart. Executable files are almost never sent via email or over networks, so IT professionals learned to block certain unsafe file types while permitting more common and benign file types — namely, Microsoft documents. Initially, Microsoft Office Suite files, including DOCs and PDFs, were relatively static, but over time, that has changed. Today, Microsoft Word documents are as dynamic as executable files, capable of using macros and scripting; Word can run processes and install code on users’ computers, and this impact is as critical as the files most networks strive to block. Unfortunately, DOCs and PDFs have become integral to business function, so forbidding their transmission like EXE files is simply out of the question. Thus, documents seem to be an ideal vector for conveying malware into even the most secure networks. The concept of using documents to spread malware isn’t new. In fact, the first instance of dangerous documents appeared in 1999, when a pint-sized virus named “Melissa” subverted macro abilities within Microsoft Word. In a matter of days, Melissa (named after a topless dancer) spread far and wide across the internet, infiltrating personal, business, and government networks and causing more than $80 million in damages. The perpetrator was caught and penalized, but Melissa’s legacy lives on. Today, malicious hackers produce document-based malware that infects and spreads in a variety of ways. While security professionals strive to patch system and network holes to thwart such viruses and their creators, the fact is that the good guys are well behind the bad guys in the malware arms race. As a result, more users are experiencing the effects of document-based attacks.

 What Doc Attacks Look Like

Because documents are often shared by email, it makes sense that most malware-laden documents are spread by emails, as well. Most computer users are accustomed to filtering out spam emails with misspellings and unrequested documents, but more often than you might expect. A 2010 survey found that 46 percent of email users have opened questionable emails, and 11 percent have clicked on an unknown link in those emails. The chances of users downloading a document from an email is much higher, considering many people don’t recognize the potential dangers of documents. Still, criminals are no longer relying on email alone. Today, documents on websites are common and seem more trustworthy, especially if search results link directly to the document. Unfortunately, these docs are just as hazardous as those sent through email, and worse, sometimes they are disguised as regular webpages and difficult to avoid. Doc attacks tend to look like any other malware attack, which means they can take many forms. Some use embedded scripting to download additional malware from elsewhere on the internet. More insidiously, some contain rootkits that take control of a computer’s system or botnets that add a computer to a network used together to attack more difficult targets. Some function as ransomware, stealing identities and hiding files while coercing users to make monetary payments to the perpetrators. Using documents does not limit a hacker’s options; in fact, it expands them because docs are such an effective form of transmission. How to Prevent Docs’ Dangers Because document-based malware remains malware at its core, most users can protect themselves from harm with typical security techniques: trustworthy antivirus software, strong passwords, consistent updates, etc. Being aware of the potential for document-based attacks is important as well, for it allows users to be more cautious when navigating the web or downloading email attachments. The idea that trusty documents could betray you with malware is daunting — it makes you wonder if any file on your computer is honest. There is no need to abandon Word for plain text readers like Notepad. As long as you remain savvy of threats to your computer’s security and maintain safe habits for browsing and downloading, you should avoid document-based malware and all other harmful files for years to come.

Δ

When Documents Attack  Beware of Malware Laden Docs - 36When Documents Attack  Beware of Malware Laden Docs - 27When Documents Attack  Beware of Malware Laden Docs - 37When Documents Attack  Beware of Malware Laden Docs - 20When Documents Attack  Beware of Malware Laden Docs - 31