Most of us who use Microsoft Word on a regular basis begrudgingly work around its default security settings. We’ve long grown accustom to doing things like switching a Word window out of its “Protected View” to its normal mode so we can edit documents, for instance. Sometimes, though, Word’s normal protections aren’t good enough. Last week, security firm Trend Micro reported that one hacking group had found a way to spread viruses through Microsoft Word documents without relying on older tricks like embedding “macro” mini programs in the documents.
This new method exploits Microsoft Word’s ability embed other files within a Word document. This ability can be useful for doing things like keeping a live, up-to-date, Excel chart within a Word document, but it apparently can also be used to help infect systems. When someone opens one of these altered Word files, Microsoft Word will connect to an outside server to download and then run a virus application!
This new method of infection is another reminder to not open random Word documents that come to your email inbox. Fortunately, this attack does have some signs that it is about to occur and can be stopped by an alert user. If you ever open a Word document and it pops up a dialog box asking to link to outside files you should click “No” then alert someone with the experience to look into what the file is trying to do.