There are a number of services who are warning users to beware of opening Microsoft Word attachments. For example, Norton posts, “Be wary of any file sent to you as an email attachment, even an innocent-looking Microsoft Word file. These files could contain viruses or other malicious software that might damage your system or steal your identity information.” Ryan Barrett, Intermedia, warns, “We recommend refraining from sending or opening any Word documents via email.” net works writes, “We would like to inform all Microsoft® Office users of a new zero-day attack that installs malware onto fully patched systems running Microsoft’s operating system via an Office vulnerability.” The Hacker News writes, “Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office.” Jennifer Steele Christensen, Cache Valley Daily. explains, “consumers are being warned not to open any file attachments containing Word documents. This includes documents with the extensions .doc, .docx, .rtf, etc.”
Ray Marmash, Arx Networks explains, “Microsoft Office has a feature called “Protected View” that is enabled by default; however, you should double check your settings to make sure that this feature is turned on. If you open a Word document and see this pop-up, it’s a pretty good indicator that something is wrong.”
Do not click for more details or enable editing. Delete the email message and the attachment immediately. If you do open a Word document that has instruction of any kind, do not follow the instructions – Many of these will say something like, “Click Enable Content on the yellow bar above to view this document,” No legitimate Word document will require you to follow instructions in order to view it. If you have to enable something or allow something, then it’s doing more than just displaying a document.
Online Threat Alerts explains this type of malware or trojan is “using an old technique in an attempt to infect their potential victims’ computers with viruses, Trojan horse or other malware. The technique involves sending their potential victims a fake email message with a malicious or dangerous Microsoft Word or Excel document attached. The malicious document contains a set of malicious code or instructions called a Macro, which when enabled, will download and infect the victims’ computers with viruses, Trojan horse or other malware.”
Only open attachments from trusted sources. You even need to be careful if an email from a friend, your bank, or from anyone you know because it is easy to put a ‘trusted source’ in the FROM box and pretend to be someone you know or trust. Verify if your trusted source actually sent you the attachment.