Over the last few days, we began seeing malicious spam containing a Trojan that makes use of macros within the .doc Word attachment. A macro is a series of commands and instructions that can be grouped together as a single command to accomplish a task automatically. Macros are often used by spammers to perform malicious tasks when working with a document.
These particular emails are targeted at Windows and Microsoft Office users. Users who open the attachment on Apple or Android devices, or in Office alternatives such as LibreOffice and OpenOffice, should be safe, but do not enable macros if the attached file asks you to.
The email begins as a very simple plain text email pretending to be from a vendor with an invoice attached, as seen in the examples below. I would like to point out that, in an effort to evade filters or at least make blocking these a bit harder, the spammer has been using .doc files, a commonly emailed file type. The attachment usually has a basic name such as invoice.doc, batch.doc, etc.
When you receive emails such as this, please make sure to review the company being referenced as well as the sender's address. Some of these emails use a spoofing technique that makes them appear to come from an email address on your own domain.
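The two traits described above (a Word attachment carrying macros, and a From address on your own domain) can be checked mechanically. The following triage sketch is an added example, not the filter we run: it assumes the delivering mail server recorded a `Return-Path` header, uses `example.com` as a stand-in for your domain, and treats the presence of a `_VBA_PROJECT` stream name inside a legacy Office container as a heuristic sign of macros.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # signature of legacy .doc containers
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name stored with a VBA project

def domain_of(header_value):
    """Lowercased domain of an address header, or '' when absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_bytes, own_domain):
    """Return the reasons a raw message matches the traits in this advisory."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    envelope = domain_of(msg["Return-Path"])
    if domain_of(msg["From"]) == own_domain and envelope and envelope != own_domain:
        reasons.append("From uses our domain but Return-Path is external")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Heuristic: OLE2 container whose directory names a VBA project stream.
        if data.startswith(OLE2_MAGIC) and VBA_MARKER in data:
            reasons.append(f"{name}: Word document carries a VBA macro project")
    return reasons

def build_sample(from_addr, return_path, with_macro):
    """Constructed test message; the attachment is a stub, not a real document."""
    msg = EmailMessage()
    msg["From"], msg["To"] = from_addr, "ap@example.com"
    msg["Return-Path"] = f"<{return_path}>"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    body = OLE2_MAGIC + b"\x00" * 64 + (VBA_MARKER if with_macro else b"")
    msg.add_attachment(body, maintype="application", subtype="msword",
                       filename="invoice.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    raw = build_sample("billing@example.com", "bounce@mailer.example.net", True)
    for reason in triage(raw, "example.com"):
        print(reason)
```

A match is a reason to quarantine the message and look closer, not proof of malice: legitimate documents can contain macros, and some bulk senders use a separate bounce domain.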
We are currently taking steps to adjust the filters on our end to capture similar emails going forward. If at any time you are skeptical of an email you have received, please feel free to reach out to us for assistance at firstname.lastname@example.org. You can also find some additional steps on how to handle suspicious emails here.
You can also scan suspicious files and URLs using VirusTotal, located here.