Submitted by Loki-L t3_y9ly8o in technology
Comments
iNyander t1_it84c1w wrote
Can one even claim a Word document that's asking for macros from an unknown sender is undetectable? It takes a special kind of stupid to run that.
synapseattack t1_ita02b9 wrote
I'm sorry. But there is not anything special about that kinda stupid. It is actually surprisingly common in my opinion. To me this is my parents. My sisters. My grandparents and many many others. Most don't know wtf a macro is and won't bother looking it up before clicking "ok".
[deleted] t1_itan09u wrote
[deleted]
[deleted] t1_it84se2 wrote
[deleted]
alex_xxv t1_itap6e6 wrote
If only my coworkers could read they'd be very upset with your comment.
noorbeast t1_it6fcis wrote
Do not open a file from an unknown source, security 101.
FracturedEyeball t1_it6h84i wrote
Yeah, get a co-worker to do it.
BurningPenguin t1_it6ifcb wrote
No, forward it to IT and ask if this obvious scam message with 25 typos per line is suspicious.
King_Metatron t1_it6j618 wrote
If any mail with 25 typos per line were scams I wouldn't answer to any of my bosses and managers lol
Ganrokh t1_it767qu wrote
Our IT department just added a Gmail addon yesterday where if our work Gmail receives a suspicious email, we can click a fishhook icon that auto-forwards it to them. It's even easier now!
BurningPenguin t1_it76qrv wrote
As someone working in IT, I would have quit on the spot
wagon153 t1_it790u1 wrote
Why? I can't imagine it'd be difficult to have it configured to send those to a specific email folder for review later.
pickles_and_mustard t1_it7b2ee wrote
Someone who doesn't understand how to set up email filters is probably better off not working in IT anyway
BurningPenguin t1_it7gbaz wrote
If it's an email that is really hard to tell if it's spam or not, it's fine. But I'm regularly getting questions about mails that should be painfully obvious. Especially since those mails aren't unknown to the users in question. The usual crap about "expired password" or "check this totally legit OneDrive website hosted on Google Drive, which I crafted in 2 minutes".
And since my boss doesn't want to adjust the spam filter, so that certain subject lines are filtered, I have to explain the same shit over and over again. Adding a button to make it easier to forward potentially infected emails would make it even more annoying. We're still using Office 2016 btw.
Fat_Wagoneer t1_it7ma7q wrote
Just write two stock emails.
One saying you’re good to go.
Another saying don’t open this, and here’s what to watch out for.
BurningPenguin t1_it7nqdb wrote
Yeah, I have that. But they're calling immediately after sending it. And I'm not always on my computer.
Fat_Wagoneer t1_it7qr9w wrote
Fair, I can see that being annoying.
JohnnyPeanutII t1_it882pt wrote
The problem is that users should be educated about identifying spam instead of relying on IT to assess every email. An easy little button opens the very real possibility of users abusing the ever-loving shit out of it. Which is fine; a ticket is a ticket. But if I'm assessing your emails all day long, don't get pissy when your 2-minute support task sits in the queue for 13 months if you're lucky.
BurningPenguin t1_itar67z wrote
Exactly this. Of course, I do encourage people to call me if they need something or have questions. This way, they won't do stupid shit just because they're afraid to ask. That's also the reason they prefer to give me a call, because I don't scold them, like the other guy does.
But it can get annoying if I have to tell them the same stuff over and over again. I do write information and updates about things on our intranet page. Including recently occurring spam mails, how to recognize them and how to deal with them. But apparently not everyone is reading that.
[deleted] t1_it6y7d7 wrote
[deleted]
guale t1_it7ebo7 wrote
But how else will I know what's on the flash drive I found in the parking lot? What if it's a bitcoin wallet? Or really good porn?
drysart t1_it80kx6 wrote
This is the most garbage article I've ever seen in a while.
Not only does it describe extremely typical malware as "fully undetectable", but the behavior described is about as straightforward and naive (and thus, easily detectable) as possible. There's absolutely nothing unique or clever about the behavior it describes; it sounds like it's describing Baby's First Malware.
If you strip the specific filename out of the article and instead replace it with "named to look like a normal Windows process", then the rest of the article's text accurately describes literally thousands of different pieces of malware: run a script from a Word macro, dump a script file into an out-of-the-way directory, name it so it looks like some normal process, then run it to create a remote shell.
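An added example, not part of the comment above or of the article it criticises: a minimal detector for the two behaviours the comment lists, an Office application starting a script host and a file that borrows a Windows process name from outside System32. The event field names, the name lists and every sample event are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed field names, modelled on process-creation telemetry (e.g. Sysmon event ID 1).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Genuine Windows process names and the one directory they should load from.
SYSTEM_NAMES = {"svchost", "lsass", "csrss", "services", "winlogon"}
SYSTEM_DIR = r"c:\windows\system32"
# Absolute Windows paths without spaces; quoted paths with spaces need a real tokenizer.
PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')


def check_event(ev):
    """Return the reasons (possibly none) a process-creation event looks suspicious."""
    reasons = []
    parent = ntpath.basename(ev["parent_image"]).lower()
    child = ntpath.basename(ev["image"]).lower()
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append("office-spawned-script-host")
    # Any file on the command line (or the image itself) that borrows a system
    # process name but lives outside System32 is masquerading.
    for path in [ev["image"]] + PATH_RE.findall(ev["command_line"]):
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if stem in SYSTEM_NAMES and ntpath.dirname(path).lower() != SYSTEM_DIR:
            reasons.append("system-name-outside-system32")
            break
    return reasons


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from the article or any real incident.
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": PS, "command_line": PS + r" -File C:\Users\Public\svchost.ps1"},
    {"parent_image": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "command_line": r"C:\Windows\splwow64.exe 12288"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": PS, "command_line": PS + r" -File C:\Users\Public\lsass.ps1"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ntpath.basename(ev["image"]), check_event(ev))
```

The third sample is Word starting its print helper, which is the kind of benign child process a parent-only rule would otherwise flag.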
Dr-Retz t1_it9imqo wrote
Sounds complicated, just gonna click on it.
happyscrappy t1_it83at7 wrote
This is not a Windows backdoor. It's malware people are being tricked into installing.
OffgridRadio t1_it91zuq wrote
How... ever.. in the name of stupid... what... I can't... so dumb...
WHY IS A WORD DOCUMENT EVEN _CAPABLE_ OF LAUNCHING A POWERSHELL COMMAND?
Absolute idiocy.
[deleted] t1_ita46qi wrote
[deleted]
OffgridRadio t1_ita4gvk wrote
Yes but this particular exploit and related exploits for office/outlook are literally now in every corporate end-user IT security training. It is literally a ubiquitous problem.
In 25 years in IT I have never seen a legitimate use for a user-level command script launched from a word document.
designer-pad t1_ita5qwh wrote
I see your point. I’d challenge Microsoft to show a legitimate use case or scrap that feature. There must be something there. Maybe they are leaving the door open for some business automation? (No shit, right?) It seems to me that some of Microsoft’s ideas include looking at applications already out there and thinking of ways to allow their products to do the same thing. So Enterprise Microsoft Customers can automate processes in a way that lets them avoid licensing other software. Usually it's probably more a pain in the ass and takes a lot of time to find a way to automate everything using Microsoft Office, but if the stars align (Engineers with some down time, and the end project won't be frustrating) it could be worth it to keep the option open.
Have you heard of many stories of this being exploited in the wild? Why not just disable Macros with Group Policy?
OffgridRadio t1_ita6dzz wrote
Well as you said Macros are legit useful, I built a career on a foundation of automating dull work. Don't need to remove them entirely just don't need to expose operating system level commands to it!
FascistFeet t1_itcub7m wrote
Do you automate for one company or many?
OffgridRadio t1_itcuia5 wrote
Right now one. Our CEO has gone mad? and is crying about how we have to be in an office. I already moved lol. So maybe soon, many!
The contract side of what I do makes 10x as much. My boss and I talk about it a lot. We like our jobs and want to stay but we aren't afraid of the company getting weird.
[deleted] t1_ita96l7 wrote
[deleted]
ReasonableAdvance850 t1_itbyt1t wrote
Will this also work in my Pages for Mac?
ReasonableAdvance850 t1_itbyuxk wrote
LibreOffice for Ubuntu?
TDMNS t1_it81koh wrote
For some reason, it doesn't even sound like news, to be honest.
nightwing12 t1_it700z6 wrote
I’ve realized the only more bullshit domain of compsci than machine learning is cyber security. Both fields full of liars and snake oil.
Lordnerble t1_it77rwq wrote
Yea but we get paid!
[deleted] t1_it6dkcc wrote
“Detectable back door gets detected”