Malicious Microsoft Word docs warning: Think before you click on unexpected emails

Does that unexpected Word document contain a nasty surprise?
Written by Steve Ranger, Global News Director

Pause for a second or two before opening that unexpected Word document you've been emailed: you could be just about to make a nasty mistake.

There's been a surge in the number of malicious Word documents being spammed out by cyber crooks, according to tech security company WatchGuard. These documents might look legitimate but come packed with code that could put your corporate network at risk.

SEE: 30 things you should never do in Microsoft Office (free PDF)

Two separate exploits embedded in malicious Office documents were spotted targeting networks; documents containing the CVE-2017-11882 exploit were blocked by 17% of of networks; a second Office exploit was reported by 8%, according to the company's latest security report. That's a significant jump from the fourth quarter of last year, when the most widespread malware was a cryptominer.

The security company said that the CVE-2017-11882 exploit also appeared on its most commonly detected malware list, with its antivirus software blocking nearly 750,000 attempts to infect systems. 

Image: WatchGuard

Even though the CVE-2017-11882 exploit was patched way back in November 2017 - so you should be safe if your patches are up-to-date - it still continues to be an extremely popular method of attack. A report from Recorded Future ranked it as the third-most exploited vulnerability of 2018, and as my colleague Catalin Cimpanu explains, hackers like this particular exploit as it requires no action on the part of the victim to cause an infection, unlike most other Office exploits, which require that users enable macros or disable various security features via popups.

WatchGuard said the best defence is to train end users not to download nor open unsolicited Office documents, something that is easier for some workers than others.

"If they do want to open outside documents, also advise them to watch out for documents that prompt them to enable macros or any other active content. External documents that require additional user interaction should raise a red flag," WatchGuard said.

Also high on the list of common threats were phishing and Trojan malware. "You should train your users to treat unsolicited email attachments with suspicion," the company said.

Still, malicious Word documents aren't the most common security threat spotted by WatchGuard; that dubious honour goes to password-stealing tool MimiKatz.

And Mac users shouldn't get too smug, either; the security company said it had also seen a rise in Mac OS malware, with two variants becoming prevalent enough to make the most-detected list.

"This increase in Mac-based malware further debunks the myth that Macs are immune to viruses and malware and reinforces the importance of advanced threat protection for all devices and systems," WatchGuard said.

The report is based on anonymised reports from over 42,000 of the company's security appliances whose owners have opted in to data sharing. The company said those appliances blocked more than 23,884,979 malware variants, at a rate of 564 samples blocked per device.

Editorial standards