Spam email virus hijacking Microsoft Word attachments: Fix expected on Tuesday

A new spam email virus has been reported over the weekend involving Microsoft Word that can wipe out an entire computer system with no warning. Microsoft is reportedly working on a fix that should be available on Tuesday.

In the meantime, consumers are being warned not to open any file attachments containing Word documents. This includes documents with the extensions .doc, .docx, .rtf, etc.

Kevin Anderson and Paul Anderson, both IT specialists with the Cache Valley Media Group, said the virus is undetected by antivirus software and can damage both individual computers and file servers. Until Microsoft releases its patch, the only way to avoid being infected by the bug is to avoid email attachments from Microsoft Word.

“Even if you think you know the person who sent it, it doesn’t matter,” said Kevin Anderson. “Until your computer system is updated tomorrow, don’t open any Word documents, no matter who they are from.”

Paul Anderson learned of the virus on <a href=”https://arstechnica.com/”>ARS Technica</a>, a news site for IT professionals. He said the Microsoft patch should automatically update tomorrow on computers running Windows versions 7, 8 and 10. Computer users whose systems are not set for auto updates should run manual updates.

“Older computers are going to be vulnerable,” Kevin Anderson warned. “If you’re still running Windows Vista or XP, you’re not going to be protected.”

Security experts are calling this virus a “zero day” attack, defined by Symantec Corporation’s <a href=”http://www.pctools.com/security-news/zero-day-vulnerability/”>pctools.com</a> as “a hole in software that is unknown to the vendor.”

“This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it,” the website says. “The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.”

Zero day attacks can involve spyware, malware and breaches in information security.  Researchers with cyber security firm <a href=”https://www.fireeye.com/”>FireEye</a>, say the Microsoft Word threat begins with an email infected with a malicious “booby-trapped” document. Once the file is opened, it downloads harmful computer code from “different well-known malware families.” While FireEye has reportedly been communicating with Microsoft for several weeks about the vulnerability, it was disclosed for the first time publicly on Saturday by <a href=”https://www.mcafee.com/consumer/en-us/store/m0/index.html”>McAfee</a>.

Once Microsoft releases its solution to this security breach, Kevin Anderson will verify that all computers on the networks he maintains have been updated. Individuals and businesses with questions about how to safeguard their own systems should consult an IT professional. 

<hr />

jennifer@cvradio.com

Free News Delivery by Email

Would you like to have the day's news stories delivered right to your inbox every evening? Enter your email below to start!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.