Here in the last week, both at work and at home, I have seen the following type of email:

 

This email has every indication of being malicious, with a password protected word document, unsolicited, and with very little details to go on.  Let's download this puppy into our virtual machine and check it against just generic Windows Defender built into the machine.

Screen Shot 2017-03-14 at 8.44.59 PM.png

Nothing seems all that unusual.   But if you open the file, it really wants you to enable macros and click on them.

 

Screen Shot 2017-03-14 at 9.21.18 PM.png

Look what happens when you enable the macros and click on the files.  A bunch of VB scripts.  Are those scripts dangerous?  Absolutely.

 

This virustotal scan was taken nearly one week after the files was emailed to us.  Are we brave enough to run the scripts in a controlled environment?

Comment