Skip to content

Computer attacks via Word and 'Watermain'

Computer security company, FireEye, is reporting that a  ‘malicious Word document’  is being used to infiltrate governments in Asia, especially India.  China is named as the probable source of these attacks over the last four years using a hack called ‘Watermain’.

Since this report involved Microsoft Office, Office-Watch.com was interested.  But the more we looked into this press release, the more mysterious it became.

FireEye’s press release was duly repeated by many outlets over the last few days even though it lacked any detail or, as far as we can tell, anything truly newsworthy.  Certainly there’s little in the announcement that will help anyone trying to protect themselves.

The attacks are reported to been happening for the last four years.  There’s nothing to suggest a reason for announcing the attacks now.

There’s no real detail on the attacks.  They start with an email supposedly with confidential information to lure the unwary receiver, but no example emails are given.

We’re told that ‘malicious Word documents’ are involved.  But what type of Word documents?  The ‘newer’ .docx format (now eight years old) or the old .doc format?    .DOC files are much more prone to infection or hacking than the newer format.

Be wary of email attachments and especially wary of attachments in ZIP format or the older Microsoft Office formats (the three character ones .doc .xls .ppt).

The hack is called ‘Watermain’.   It’s said to be the name of the code in the Word document.  Like many of these malicious hacks, the aim is to allow someone remote access to your computer.

But we can’t find any other mentions of ‘Watermain’ attack or Word document hack.   Not even on FireEye’s own web site!  (search for ‘Watermain’ and there’s no results)  The, much quoted, press release about these attacks isn’t even on the company’s own press release page!

We’re not saying that the company is making up the story.  Office documents are often sent via email to infiltrate organizations with the older .doc formats more commonly used.   Many of these attacks come from China where they may be supported by the government or large organizations.

But it’s a good example of a vague press release that does more for self-promotion than add to the sum of human knowledge.

About this author

Office-Watch.com

Office Watch is the independent source of Microsoft Office news, tips and help since 1996. Don't miss our famous free newsletter.