No surprise that criminals are using Coronavirus/COVID-19 as a way to trick people into opening nasty Word document that could infect your computer.
All the usual suspects are trying to take advantage of Coronavirus to sell stuff. Plenty of fake โcuresโ being touted, usually existing โmiraclesโ rebadged to take advantage of the unwary.
Just one example is reported by Sophos, itโs a variant on the Trickbot campaign and targets Italians.
The inner workings of the hacked .doc file are the same, all thatโs changed is the wording of the email.ย Itโs supposed to come from a doctor passing along WHO recommendations for COVID-19.
Source: SophosLabs
.DOC beware
As usual, the infected document is the old-style .DOC format โ which should be a major โred flagโ that something is wrong.
โThis document was created in an earlier version of Microsoft Office Wordโ
A clever wording since that kind of warning occasionally does appear in Office.
Microsoft does NOT refer to โMicrosoft Office Wordโ using that phrase.
The copyright is another clever touch adding โcorroborative detailโ.
Instructions to bypass Office protections
The two instructions in the document are there to trick people into bypassing important protections in Office.
Enable Editing โ takes the document out of โProtected Modeโ which is the default for incoming docs from email etc.
Enable Content โ clicking that allows VBA scripts to run. In this case, it allows the code to infect your computer.
2019โs top software vulnerabilities featuring Microsoft Office
Coronavirus, Buttigieg and other topical words in Word & Office
Word’s Melissa virus is 20 years old – what’s changed?
Make your own Word virus for $40