Malware Evades Detection By Counting Word Documents (threatpost.com)
"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, the Kaspersky Lab security news service. Slashdot reader writes:
Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.
A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.
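The defender's side of the check described above, as an added example that is not part of the original story or of SentinelOne's research: a Python audit that tells a sandbox operator whether an analysis image holds enough Word documents to clear the "more than two" threshold. The extension list, the skipping of `~$` lock files and empty files, and all function names are assumptions made for this sketch.

```python
import os

WORD_EXTS = {".doc", ".docx", ".docm"}  # assumption: what counts as a Word document
THRESHOLD = 2  # from the story: the macro proceeds only if the count is more than two


def find_word_docs(root):
    """Return sorted paths of plausible Word documents under root."""
    found = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if name.startswith("~$"):
                continue  # Word owner/lock files, not real documents
            if os.path.splitext(name)[1].lower() not in WORD_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                # Assumption: empty placeholders are not counted, so the audit
                # errs on the side of reporting the image as too clean.
                if os.path.getsize(path) == 0:
                    continue
            except OSError:
                continue  # unreadable entry; do not count it
            found.append(path)
    return sorted(found)


def audit_image(root, threshold=THRESHOLD):
    """Report whether the image would pass a 'more than threshold' document count."""
    docs = find_word_docs(root)
    return {
        "count": len(docs),
        "looks_lived_in": len(docs) > threshold,
        "docs": docs,
    }


if __name__ == "__main__":
    # Run inside the analysis VM before taking the snapshot used for detonation.
    report = audit_image(os.path.expanduser("~"))
    state = "looks lived-in" if report["looks_lived_in"] else "looks like a fresh image"
    print(f"{report['count']} Word document(s) found: {state}")
    for path in report["docs"]:
        print("  ", path)
```
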
Even if you use LibreOffice I am sure you have Word and Excel documents lying around. If you do real work or a college student you are going to be emailed office documents.
http://saveie6.com/
Have you taken a college course or had to deal in a "business-to-business" interaction at all in the past 15 years? They all use the MS Word document format. I took college courses from 2007-2012 at several campuses, of course with different professors... They pretty much all used Word documents to distribute whatever documents they needed to digitally. I think there was maybe 1 course where we were given a link to a PDF. It's not about what you use, it's about what the other guys use.
If you do real work or a college student you are going to be emailed office documents.
I'm not sure I see the connection between doing a college student and being emailed office documents.