Sunday, February 17, 2008

Don’t Open Attached MS Word Documents Unless You are ABSOLUTELY Confident about the Authenticity of the Sender

Addressing the recent ASIS Asia Pacific Security Conference in Singapore, IT Fraud expert Jon MacDowall gave a live demonstration of how opening an MS Word file from an unknown source can compromise an entire hard drive:

“If you bear with me for just a moment I want to show you what a fraudster can do with some access. What you’re going to see here is basically two personas. The first is an employee of any of our businesses shall we say, and the second will be a fraudster. In this particular case our employee receives an email with a Word document, and she’s asked to review the document and get back to the sender. Happens quite a bit in our environment, wouldn’t you agree? We all get Word documents on a regular basis. In this particular case she’s an excellent corporate citizen, she’s actually going to right click on the document and run a virus scan before she opens it – we all do that, right? Nobody does that right? Nobody actually runs virus scans before they open them. But what I want to show you according to the antivirus provider here there are twenty seven sub files found within the Word document, zero detections, zero cleans, zero quarantines, zero deletions. In other words according to the antivirus provider this is a clean document. It seems OK for her to open it………

Now, acknowledging that nobody really takes the time to run a virus scan before we open documents, she’s done her job. She’s been asked to review the document and that’s exactly what she does. What she doesn’t realise is that right then, when she opens that Word document, malicious code has been deposited on her computer. You don’t see the anti-virus program reacting and that’s typical, what we have, what we’re seeing on a regular basis is that 83/86% of these malicious codes are escaping detection by antivirus programs. The majority of them are not being detected.

So now you see with a free program, one of dozens of programs available on the internet for would-be hackers, fraudsters. I want to show you what now this fraudster does as far as capabilities. He’s going to enable his remote screen capture capability. He can see the document that our employee is working on in real time. He’s going to enable his keystroke logger, we’re going to talk a little bit more about that in just a moment. Please watch this area closely because it happens very quickly. You saw him click and what he clicked on was an icon that said ‘dip drives’. And then he clicked another button to confirm it and then you saw his file store there in that list. What you actually saw happen was from the victim’s machine the hacker copied all of the files off of her C drive onto his computer. Now he has those files and they’re accessible to him at a later time if he wants to come back and go through those.”


Under no circumstances should MS Word files from unknown sources be opened. Recently, there have been circular emails purporting to come from well-known oil companies recruiting for staff. These emails have attached MS Word files. The possibility that opening the attachments may deposit spyware on your PC and compromise the contents of your hard drive cannot be discounted. If you have opened such an attachment, you should disconnect your computer from the internet and seek immediate expert help. Do not reconnect until you are satisfied that your computer has not been compromised by spyware.