Malware strikes and data breaches have become common; some of us may even tend to think that malware strikes, data breaches etc are no longer news. Well, to an extent, yes, it’s no longer news. We hear of data breaches happening almost every day, that too in this era in which we take internet security so seriously and use antivirus for Windows, antivirus for Mac etc in large scale.
In early May, we came to hear of hundreds of millions of email accounts being hacked and usernames and passwords being traded in Russia’s criminal underworld (The news was later reported to be fake). We then had reports of credit card breach at TheTrump Hotel Collection and also of the data breach at the Wendy’s. Recently we heard of Facebook CEO Mark Zuckerberg’s Twitter and Pinterest accounts being hacked, followed by the hacking of the Twitter account of Twitter co-founder Evan Williams. There are also reports of passwords belonging to 117 million users of professional networking site LinkedIn having been put up for sale online.
Now, we come to hear of newer and newer hacking techniques being employed by cyber-criminals all across the world. The latest addition to this is the news of malware that strikes through a Microsoft Word Document.
How it works?
This malware strike happens just like any other email phishing thing. You get an email, seemingly sent by a company you’ve done business with or by a person known to you personally and using your LinkedIn profile. (Well, most of us are cautious of such mails, which we receive regularly, but there are many who take the bait following which their personal data get stolen). The email’s subject line would mostly be regarding an unpaid invoice and attached to the email would be a Microsoft Word document. You open the document and that’s it. You will be directed to a malicious website and your system gets infected. The malware that infects your system is the Trojan called Zeus Panda (also called Panda Banker). Using this malware, the hackers steal your online banking credentials.
What’s to be done?
Well, today almost all of us are concerned about internet security and immediately as we hear of malware, we think of antivirus for Windows, antivirus for Mac, antivirus for Linux etc. Well, antivirus is a must; always go for a trusted, effective antivirus. But that alone is not enough. We got to be cautious in the first place.
In the case of this malware that reaches you through Microsoft Word document, you have to be alert when you receive an email sent using your LinkedIn profile (comprising of things like your name, job title, the name of the company where you work etc). Be doubly alerted if the mail contains a Microsoft Word document and is about an unpaid invoice. And do remember, you’d be asked to enable macros, which you shouldn’t do. (Microsoft, as we know, automatically disables macros and you are always warned by Microsoft not to enable macros).