
Can a .doc file be harmful?

From: Nitin Sharma <nitin@gwu.edu>
Date: 2006/06/27 Tue PM 01:35:03 EDT
Subject: Freelance Data Analyst

Dear Sir/Madam:

I am a professional Market Researcher and am interested in any
Freelance Data Analyst/Market Research Positions that you might have.

Please find a copy of my resume attached to this mail and let me know
if you have any questions.

Best Regards,

Nitin Sharma (MBA)
Ph: 210-618-9153

Attachment: Nitin Sharma Resume.doc

Since there is no name for me I know this is spam/viral but it's a .doc file.
Also there is no To: e-mail so I don't know if this was sent to my spam heavy e-mail alias.
Why wouldn't there be a To: e-mail listed?
I haven't opened the file or even downloaded it as I'm using my ISP's webmail on this account.
Anyone want to try and call the number? 🙂
 
There's likely no To: field because the sender blind carboned 100s (or 1000s) of addresses.

And yes, .doc files can absolutely be harmful. If you don't trust the source, don't open the file.
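
An added example, not part of the original thread: a Python triage of a raw message that flags the two things discussed above, a missing To:/Cc: header and an attachment that really is a legacy Office (OLE2) container, without opening it in Word. The sample message is constructed from the one quoted in the question, its attachment is only the 8-byte OLE2 signature, and `triage` is a hypothetical helper name.

```python
import email
from email import policy

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # signature of legacy .doc/.xls/.ppt
OFFICE_EXT = (".doc", ".dot", ".xls", ".ppt")

# Constructed sample modelled on the quoted e-mail; the base64 body decodes
# to the OLE2 signature only, not to a real document.
SAMPLE = (
    "From: Nitin Sharma <nitin@gwu.edu>\r\n"
    "Subject: Freelance Data Analyst\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Dear Sir/Madam:\r\n"
    "--b1\r\n"
    "Content-Type: application/msword\r\n"
    'Content-Disposition: attachment; filename="Nitin Sharma Resume.doc"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    "0M8R4KGxGuE=\r\n"
    "--b1--\r\n"
)

def triage(raw: str) -> list[str]:
    """Return human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # No visible recipients: consistent with a bulk Bcc mailing.
    if not msg.get_all("To") and not msg.get_all("Cc"):
        findings.append("no To:/Cc: header (recipients were likely Bcc'd)")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Trust the content's magic bytes, not the file extension.
        if data.startswith(OLE2_MAGIC):
            findings.append(f"{name}: OLE2 container, can carry macros")
        elif name.lower().endswith(OFFICE_EXT):
            findings.append(f"{name}: Office extension but content is not OLE2")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```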
 
Don't open emails from shady sources, no matter what. ESPECIALLY if there's an attachment.

The To: field could be spoofed.
 
Yep, recently some vulnerabilities in MS Office products were discovered, which would allow (harmful) code execution. Possibly such a file.
 
Big picture: if you have Word or Office, then this is a good time to run your computer through Office Update: http://officeupdate.microsoft.com Keep checking until it comes up fully patched; it could take 2-3 visits if you're behind on your service packs as well as your patches. Also make sure your antivirus software has its Heuristics scanning enabled, and that it's set up to scan within compressed files/archives (and has up-to-date definitions, of course).

Also, use a Limited or Restricted-User account for daily-driver stuff such as email, office work, web browsing and IM. It's one of the more unkind things you could possibly do to malware authors :evil:
 
To add to what Mech said, before you open an attachment that you *think* is good, right-click it and scan it with your AV, and do the same thing with an anti-spyware program. Even if you know the sender, that person could have gotten hit with some bug that has his/her emailer sending out infected spam.

 
Here's another fun toy: VirusTotal's multi-scanner scans files you submit, using a whole stack of different antivirus scanners. You'd have to download the file from the ISP's webmail and save it to disk before you could upload it to VirusTotal, which could be an exploit risk if you use a desktop search engine such as Google Desktop.

My off-the-cuff guess is that you received a GPCoder attack. Read Kaspersky's writeup on GPCoder, which is "ransomware." The MO is the same: send a document containing a macro that downloads a Trojan, which in turn downloads the GPCoder ransomware. The instance they give is also employment-related, looking like a job offer.

Setting Macro security to High would be smart, I suppose 🙂 Anyway, as they say in food-service training... "when in doubt, throw it out."
 
Major zero day MS Office stuff (mostly Excel, IIRC) in the last week or so, so patching Office, while good practice, isn't enough alone (as shown by Mech).
 