You must log in or register to comment.

[deleted] t1_it6dkcc wrote

“Detectable back door gets detected” *


iNyander t1_it84c1w wrote

Can one even claim a Word document that's asking for macros from an unknown sender is undetectable? It takes a special kind of stupid to run that.


synapseattack t1_ita02b9 wrote

I'm sorry. But there is not anything special about that kinda stupid. It is actually surprisingly common in my opinion. To me this is my parents. My sisters. My grandparents and many many others. Most don't know wtf a macro is and won't bother looking it up before clicking "ok".


alex_xxv t1_itap6e6 wrote

If only my coworkers could read they'd be very upset with your comment.


noorbeast t1_it6fcis wrote

Do not open a file from an unknown source, security 101.


FracturedEyeball t1_it6h84i wrote

Yeah, get a co-worker to do it.


BurningPenguin t1_it6ifcb wrote

No, forward it to IT and ask if this obvious scam message with 25 typos per line is suspicious.


King_Metatron t1_it6j618 wrote

If any mail with 25 typos per line were scams I wouldn't answer to any of my bosses and managers lol


Ganrokh t1_it767qu wrote

Our IT department just added a Gmail addon yesterday where if our work Gmail receives a suspicious email, we can click a fishhook icon that auto-forwards it to them. It's even easier now!


BurningPenguin t1_it76qrv wrote

As someone working in IT, I would have quit on the spot


wagon153 t1_it790u1 wrote

Why? I can't imagine it'd be difficult to have it configured to send those to a specific email folder for review later.


pickles_and_mustard t1_it7b2ee wrote

Someone who doesn't understand how to set up email filters is probably better off not working in IT anyway


BurningPenguin t1_it7gbaz wrote

If it's an email that is really hard to tell if it's spam or not, it's fine. But i'm getting regularly questions about mails that should be painfully obvious. Especially since those mails aren't unknown to the users in question. The usual crap about "expired password" or "check this totally legit onedrive website hosted on google drive, which i crafted in 2 minutes".

And since my boss doesn't want to adjust the spam filter, so that certain subject lines are filtered, i have to explain the same shit over and over again. Adding a button to make it easier to forward potentially infected emails would make it even more annoying. We're still using Office 2016 btw.


Fat_Wagoneer t1_it7ma7q wrote

Just write two stock emails.

One saying you’re good to go.

Another saying don’t open this, and here’s what to watch out for.


BurningPenguin t1_it7nqdb wrote

Yeah, i have that. But they're calling immediately after sending it. And i'm not always on my computer.


JohnnyPeanutII t1_it882pt wrote

The problem is that users should be educated about identifying spam instead of relying on IT to assess every email. An easy little button opens the very real possibility of users abusing the ever-loving shit out of it. Which is fine; a ticket is a ticket. But if I'm assessing your emails all day long, don't get pissy when your 2-minute support task sits in the queue for 13 months if you're lucky.


BurningPenguin t1_itar67z wrote

Exactly this. Of course, I do encourage people to call me if they need something or have questions. This way, they won't do stupid shit just because they're afraid to ask. That's also the reason they prefer to give me a call, because I don't scold them, like the other guy does.

But it can get annoying, if I have to tell them the same stuff over and over again. I do write information and updates about things in our intranet page. Including recent occurring spam mails, how to recognize them and how to deal with it. But apparently not everyone is reading that.


[deleted] t1_it6y7d7 wrote



Byaaahhh t1_it77kvv wrote

Exactly! I was just so happy someone gifted me this sweet mp3. You just don’t get these good free mp3 emails anymore.


iNyander t1_it84ki7 wrote

Blame Windows for hiding extensions by default.


guale t1_it7ebo7 wrote

But how else will I know what's on the flash drive I found in the parking lot? What if it's a bitcoin wallet? Or really good porn?


drysart t1_it80kx6 wrote

This is the most garbage article I've ever seen in a while.

Not only does it describe extremely typical malware as "fully undetectable", but the behavior described is about as straightforward and naive (and thus, easily detectable) as possible. There's absolutely nothing unique or clever about the behavior it describes; it sounds like it's describing Baby's First Malware.

If you strip the specific filename out of the article and instead replace it with "named to look like a normal Windows process", then the rest of the article's text accurately describes literally thousands of different pieces of malware: run a script from a Word macro, dump a script file into an out-of-the-way directory, name it so it looks like some normal process, then run it to create a remote shell.


Dr-Retz t1_it9imqo wrote

Sounds complicated,just gonna click on it.


happyscrappy t1_it83at7 wrote

This is not a Windows backdoor. It's malware people are being tricked into installing.


OffgridRadio t1_it91zuq wrote

How... ever.. in the name of stupid... what... I can't... so dumb...


Absolute idiocy.


[deleted] t1_ita46qi wrote



OffgridRadio t1_ita4gvk wrote

Yes but this particular exploit and related exploits for office/outlook are literally now in every corporate end-user IT security training. It is literally a ubiquitous problem.

In 25 years in IT I have never seen a legitimate use for a user-level command script launched from a word document.


designer-pad t1_ita5qwh wrote

I see your point. I’d challenge Microsoft to show a legitimate use case or scrap that feature. Their must be something there. Maybe they are leaving the door open for some business automation? (No shit, right?) It seams to me that some of Microsoft’s ideas include looking at applications already out there and thinking of ways to allow their products to do the same thing. So Enterprise Microsoft Customers can automate processes in a way that lets them avoid licensing other software. Usually its probably more a pain in the ass and takes a lot of time to find a way to automate everything using Microsoft Office, but if the stars align (Engineers with some down time, and the end project wont be frustrating) it could be worth it to keep the option open.

Have you heard of many stories of this being exploited in the wild? Why not just disable Macros with Group Policy?


OffgridRadio t1_ita6dzz wrote

Well as you said Macros are legit useful, I built a career on a foundation of automating dull work. Don't need to remove them entirely just don't need to expose operating system level commands to it!


FascistFeet t1_itcub7m wrote

Do you automate for one company or many?


OffgridRadio t1_itcuia5 wrote

Right now one. Our CEO has gone mad? and is crying about how we have to be in an office. I already moved lol. So maybe soon, many!

The contract side of what I do makes 10x as much. My boss and I talk about it a lot. We like our jobs and want to stay but we aren't afraid of the company getting weird.


TDMNS t1_it81koh wrote

For some reason, it doesn't even sound like news, to be honest.


nightwing12 t1_it700z6 wrote

I’ve realized the only more bullshit domain of compsci than machine learning is cyber security. Both fields full of liars and snake oil.