Skip to content

Coronavirus scams and nasty Word documents

No surprise that criminals are using Coronavirus/COVID-19 as a way to trick people into opening nasty Word document that could infect your computer.

All the usual suspects are trying to take advantage of Coronavirus to sell stuff. Plenty of fake ‘cures’ being touted, usually existing ‘miracles’ rebadged to take advantage of the unwary.

Just one example is reported by Sophos, it’s a variant on the Trickbot campaign and targets Italians.

The inner workings of the hacked .doc file are the same, all that’s changed is the wording of the email.  It’s supposed to come from a doctor passing along WHO recommendations for COVID-19.

Source: SophosLabs

.DOC beware

As usual, the infected document is the old-style .DOC format – which should be a major ‘red flag’ that something is wrong.

‘This document was created in an earlier version of Microsoft Office Word’

A clever wording since that kind of warning occasionally does appear in Office.

Microsoft does NOT refer to ‘Microsoft Office Word’ using that phrase.

The copyright is another clever touch adding ‘corroborative detail’.

Instructions to bypass Office protections

The two instructions in the document are there to trick people into bypassing important protections in Office.

Enable Editing – takes the document out of ‘Protected Mode’ which is the default for incoming docs from email etc.

Enable Content – clicking that allows VBA scripts to run. In this case, it allows the code to infect your computer.

2019’s top software vulnerabilities featuring Microsoft Office

Coronavirus, Buttigieg and other topical words in Word & Office

Word’s Melissa virus is 20 years old – what’s changed?

Make your own Word virus for $40


About this author

Office Watch is the independent source of Microsoft Office news, tips and help since 1996. Don't miss our famous free newsletter.