Microsoft Word Intruder is a kit designed to build malicious Microsoft Word documents for use in targeted attacks.
It supports a wide variety of methods for exploiting unsuspecting victims via crafted Microsoft Word documents.
It is available on the black market, and is used in phishing and scam emails sent with the intention of infecting the receiving device.
The malicious attachments are sent to unknowing victims in emails disguised as coming from important or well-known companies or organisations, to coax them into opening the infected file.
Mark James, ESET IT Security Specialist, discusses how organisations can mitigate these emails and protect their users.
“We often see infected Word documents embedded into emails as phishing or scam emails trying to trick the public into opening them to view invoices or tax returns.
“The email will usually have an enticing subject line trying to give you something for free or scare you into opening the attached document.
“The document may appear to not actually do anything but install malware in the background, or in some cases just display useless information, but by that time it’s often too late.
“Organisations should have policies in place that deal with not only Word macros, but rules on attachments: that is the best way to combat this type of malware delivery.
“Educating users on the dangers of opening anything embedded in emails or utilising some kind of quarantine situation where they are opened in a secure environment to test their legitimacy may be needed to protect the business or individual.
“Making sure you have a good, regularly updating, multi-layered security solution to protect you against these types of threats will help.
“The problem is this type of delivery process works all too often; utilising your staff to be an integral aspect of your company’s security through knowledge and education is the way forward.
“We do seem to be seeing more and more of these types of kits becoming more widely used. The availability of ‘off the shelf’ kits to distribute malware is making it possible for almost anyone to distribute malware without the need to design it yourself.
“This opens it up for almost anyone to do; these different kits will often enable new malware to be downloaded and distributed around the already compromised network. This could of course not only compromise data and identities, but also enable credentials to be stolen or accounts to be compromised.”
How often do you see emails which you suspect to be phishing attempts? Let us know on Twitter @ESETUK