Malicious Office Documents

Most state employees work with Office documents every day.  One class of Office capabilities that most state employees rarely use is macros.  What is a macro? A macro is an automated way to perform calculations, tasks, or even something as simple as recording a chain of keystrokes. Macros provide the means for taking long repetitive tasks and automating them with a simple click. Unfortunately there are ways that macros can be used maliciously.

Things to watch out for are:

  • Blank documents;
  • Documents that contain random characters or symbols; and
  • Documents from an untrusted source that prompt you to enable content/macros.

The following is a malicious Excel document with the suspicious objects marked in red (CLICK to enlarge image):

The following is a malicious Word document with the suspicious objects marked in red (CLICK to enlarge image):
Simply running a malicious macro will set off a chain reaction that will have your computer download malicious files behind the scenes, hiding everything as it infects your computer. Once the computer is infected, the sky is the limit for what malicious activities could be performed. Sometimes the infections will perform a variety of malicious tasks that could slow down your machine to a crawl affecting work performance. Other times the infection could be controlled by a human to retrieve sensitive files while watching your every move.
To prevent these activities, do not click on “Enable Content” when Macros are involved in the Security Warning (CLICK to enlarge image):
If you are unsure about the email please forward the message to both: Report Spam email and Nicholas Penning
  • Don’t open documents from unknown users.
  • Watch out for suspicious file names.
  • Do not click on “Enable Content” unless you are certain the document is from a trusted sender and are confident of the document’s contents.
*A special thanks goes out to Nic Penning for providing the BIT Blog with this informational article!