RAT in Word document pretending to be Norton security email
Here’s another example of why older .DOC Word documents should be avoided. This time it’s a fake Norton LifeLock email and hacked document.
The Word .doc document has a fake login dialog .
Source: Unit 42
The document executes a known remote access tool NetSupport Manager. That tool has legitimate uses but has been used by hackers for the last few years.
There’s a fake login dialog with a simple, one letter, password (probably given in the email).
The big mistake is to Enable Macros and especially on a .doc Word file.
It’s very frustrating that many outlets follow the Microsoft party line by talking about ‘Word documents’ without making a distinction between older, less safe, .doc files and the modern .docx/.docm formats.
.docx Word files can’t run macros so even any trickery to fool people won’t work because there’s no code, malicious or otherwise.
Most of the almost weekly reports of infected Word documents involve older .doc files, though you have to read the details very carefully to know that.
Microsoft, for reasons known only to itself, doesn’t mention the .doc / .docx difference even though macro protection was a big reason why the change was made in the first place.
See Unit 42 for a detailed analysis of this latest scam.
Oblique RAT documents try to infect computers
Year of the Rat in Microsoft Office
Office 365 hack copies your emails without you realizing
Online Video hack now ‘in the wild; and Microsoft won’t do anything
Office 365 hosting an increasing target for hackers