New Microsoft Word attacks infect PCs sans macros

[RV_]

Here's yet another attack using our own ignorance to infect you. Unless you click yes to the fake offer to open the rest of your document, it can't infect your system. This is another example of social engineering where there is a payload that only can attack if you invite it in out of ignorance.

Because Windows is well armored against direct attacks like in the 1990s, today's attacks have to fool you into opening an infected file in an email or website. This is called social engineering, and is about the only way attackers can infect us these days if we keep all our software up to date, and let Windows Defender do its thing. This article is short and has screen shots of the attack trying to get you to open the malware payload data. Read it, as it is not techie gobbeldy gook but in plain language.

This is a must read for anyone running Microsoft Office, or Libre Office/Open Office, and who opens Microsoft documents regularly.

Excerpt:

" A day after Trend Micro published its report about Fancy Bear, Microsoft posted an advisory explaining how Office users can protect themselves from such attacks. The easiest way to stay safe is to remain wary of unfamiliar messages that get displayed when opening a document. As SensePost first disclosed, before the DDE feature can be used, users will see a dialog box that looks something like the following:

"

The whole article with more screen shots of what to beware of, and related links is here: https://arstechnica.com/information-technology/2017/11/russia-linked-fancy-bear-attacks-abuse-macro-less-ms-word-to-infect-pcs/

Safe Computing!