Beware of a possible Word attachment that can reach your email with your name, it could be a virus. It is convenient to be very attentive to this type of attached documents that are arriving via email, a well-known virus called Emotet is making news again in recent weeks.
Anyone who does not know his way of proceeding can be deceived, and It is a virus with which you have to be very careful.. The truth is that it can be quite real because it arrives via email from an address that may be known to you, and they even address you by name.
It is not a new technique to try to bypass the controls carried out by antivirus software, Emotet did the same in the past. And again, have the objective of deceiving their victim in order to execute a very dangerous macro in a Word document to try to penetrate the PC.
How to get Emotet on your PC
Emotet, which is what the virus is called, has a very clear objective once it manages to gain access to the PC and infect it. Its purpose is to try to steal data from its victims and even passwords of those services that the user accesses, but it is also capable of downloading malicious software.
Your means of entry is through a Word document, as we discussed before. That attached Word document seems to come from a reliable contact, and may even be addressed by your name, so at first glance it would not seem suspicious to anyone.
But the reality is that the Word in question has a series of macros inside italthough when the victim opens the document he does not see any type of text, but there is and what happens is that it uses a white font so that it cannot be seen, which avoids raising suspicions.
That attachment is very light, just 616 KB, but in case the user is tricked into running the hidden macro, the size can go beyond 500 MB. To try to make that happen, encourages the user to click on the “enable content” option.
This is a Word security measure for all documents that are downloaded from the Internet, to prevent precisely these things. In this case it was not going to be less, when you open the document that comes with the mail, you are informed that it is not accessible until you click on the previous option.
What is Emotet capable of?
If the user clicks on the “enable content” option, they will have given permission to Word to unlock the document and what happens now is that will run a macro without the victim being awarethe consequences of which also remain practically invisible.
From there, the macro will have the ability to download a certain compressed file from the Internet, and it will execute a DLL key that infects the computer. Now it will be when Emote begins to “work” on its objective, steal critical information and even passwords.
Also is capable of downloading more viruses to the PC to continue infecting the PC. What is clear is that you have to be very careful with this type of threat, even if you receive a Word that seems trustworthy from a known contact, you should always be alert because it could be a virus.
In general, a document that arrives to you via email does not bring macros and, therefore, there is no need to run it, so that’s when you can start to get suspicious, if you open Word and it asks you to enable a content, it’s probably running a macro with bad consequences.
Right now, the Emotet virus is coming again in the form of Word as an attachment in emails and recognize your name is making a comeback in various countries in Europe, Latin America and the Pacific, so be very careful with any attachments you receive.
Via: arstechnica
