430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

Spam campaign relies on macros embedded in empty Word documents

Experts at Bitdefender have discovered a spam campaign that tricks antispam filters by relying on macros in Empty Word Documents. Security experts at BitDefender observed a new tactic adopted by spammers that rely on emails with an empty Word document in the attachment to bypass anti-spam filters. The social engineering strategy adopted by spammers to lure victims into […]

Spam campaign relies on macros embedded in empty Word documents

Experts at Bitdefender have discovered a spam campaign that tricks antispam filters by relying on macros in Empty Word Documents.

Security experts at BitDefender observed a new tactic adopted by spammers that rely on emails with an empty Word document in the attachment to bypass anti-spam filters.

The social engineering strategy adopted by spammers to lure victims into open the Word document is quite common, the documents pretend to relay financial information like invoice, banking informative or bill. Unfortunately, the document is empty and only includes a malicious macro used to compromise the victim’s machine.

“For a few days, cybercriminals have sent targeted e-mails to management departments – other departments may receive it too. The e-mails look like a tax return, a remittance or some kind of bill from a bank, and carry a Microsoft Word (.doc) or Excel (.xls) attachment. The e-mail isn’t stopped by antispam filters because the file itself is clean – and how could it be dangerous? It’s empty!” reports a blog post published by Bitdefender.

empty document email macro malware

 

Experts explained that this spam campaign served more than 7,000 emails in just one day, meanwhile recipients were mostly in Italy, France, US, UK, Australia, Canada and Germany.

A macro is a series of commands and instructions that could be grouped in a single command to accomplish frequently used tasks automatically.

In the recent months, the experts at MMPC have observed a significant increase in enable-macros based malware, the most active codes include Adnel and Tarbir.

Criminal gangs could use macros to instruct victim’s machine into download code from a remote location and execute any kind of malware, for this reason Microsoft made the feature inactive by default. Every time a user enable the macro, the office application displays user a message to inform about associated risks.
Security researchers at Bitdefender have detected a spam campaign that relies on documents with malicious macros to deliver malware from a remote location.

The macro code included in the empty emails is obfuscated to evade detection and researchers at Bitdefender confirmed that message used in this particular spam campaign always reach the inbox folder because the Word document does not contain any text.

empty email macro malware obfuscation

Avoiding infection is simple, do not enable macros embedded in any incoming Office document.

Pierluigi Paganini

(Security Affairs – Office, Spam)