back to article Watch out for phishing emails that inject spyware trio

An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. Researchers with Fortinet's FortiGuard Labs threat intelligence unit have been tracking this mailspam campaign since May, outlining how three remote …

  1. Pascal Monett Silver badge
    Facepalm

    So, you're not opening an email in Excel

    That sentence puzzled me. Even if you're using Outlook/Office365, you open mails in Word, not in Excel.

    "an email arrives with an Excel file that contains malicious macros"

    That is the proper sequence of events. You get a mail from someone you've never met, download the attachment and leave your brain dead while you double-click it and ignore all warnings.

    Because of course I'm going to open this attachment from some random stranger I've never met. He sent me this file, it must be important. What's the worst that could happen ?

    Oh.

    1. BobChip
      Linux

      Re: So, you're not opening an email in Excel

      Think I'll stick with Linux and Libre Office ...................

      1. Anonymous Coward
        Anonymous Coward

        Re: So, you're not opening an email in Excel

        .. or a Mac and LibreOffice..

        Microsoft, Adobe, Google, any social media. Remove that and you don't have to fight so hard to stay safe.

    2. Mike 137 Silver badge

      Re: So, you're not opening an email in Excel

      I'm guessing here as it's absolutely ages since I've used MS mail clients or allowed macros in Office documents, but maybe if 'attachment preview' is enabled in the mail client and macros are permitted to execute in Excel by default, the Trojan might activate without any user intervention other than opening the email itself.

      If so, security is once again antithetical to convenience.

    3. vtcodger Silver badge

      Re: So, you're not opening an email in Excel

      "Because of course I'm going to open this attachment from some random stranger I've never met."

      YOU probably won't do that unless the file content is obsfucated in some way and your OS somehow allows what appears to be a simple text file to invoke Excel. But if you have any significant number of employees, it's almost certain that a few of them can be prevented from doing so only by denying them access to email and/or Excel or by amputating their fingers.

    4. Handy Plough

      Re: So, you're not opening an email in Excel

      The majority of these attacks rely on ID-107 errors. The issue here is the built-in office viewers. The ID-107 doesn’t even need to open the file directly.

    5. simkin

      Re: So, you're not opening an email in Excel

      What if your job is opening similar files from customers or vendors?

  2. VoiceOfTruth

    National Security, if it is not just a slogan

    It is time that governments around the world banned Excel on national security grounds.

    1. Alpharious

      Re: National Security, if it is not just a slogan

      Powerpoint should also be banned, it's a dangerous neve agent that puts people to sleep and causes brain damage.

    2. Captain Scarlet Silver badge
      Coat

      Re: National Security, if it is not just a slogan

      You can enforce this whilst I hide from the accountants foaming at the mouth whenever they can't run a macro on one of their hideous monstrosities

  3. Version 1.0 Silver badge
    Facepalm

    It's not just Excel

    But email is a normal hazard these days, we see infections delivered in attachments daily. This is the email environment ... it's nothing new. Here's a monastery sig when this first started years ago ... "I would like to shake the hand of the man who first decided that e-mail clients should slice, dice and run arbitrary programs. Then I'd like to stir, blend and puree his hand.

    These days "security" is just a feature, not a requirement.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's not just Excel

      The I Love You malware or it might have been Melissa that was widespread around 2000 hit where I was working at the time. The down tools and don’t touch your PC message that was sent around verbally by managers was too late. Personally I didn’t have the preview window on Outlook set up but a lot of people did and therefore opened the email unintentionally. What made us laugh was the instruction from our lord and master (aka the boss) that he and his team were going to have an offsite meeting and he then marched us out of the offices. He decided we should have this meeting in a local pub and instituted a maximum drink rule. We needed to be sober if they had rid us of the bloody thing faster than we expected.

      1. NATTtrash
        Paris Hilton

        Re: It's not just Excel

        And with that, keep in mind that nowadays software isn't really helping. I mean, look at the way that MS is blocking IMAP access/ use of their whole Outlook/ Calendar/ Teams invite system. If you have somebody on IMAP, they don't get a workable invite, but just a silly message to go "change your settings". No details of the meeting/ call, you know, your actual work. And god forbid, no compliant ics. Nooooo, just "use our eco system". Ah well, productivity software...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022