Look out for .doc files. They contain a vulnerability that could let hackers take control of your computer. The news comes from a pair of cybersecurity firms that have uncovered a bad bug in Microsoft Word that acts as a gateway for unwanted visitors to your machine. Microsoft is working on a patch for the problem, but it has yet to be pushed out to users of Microsoft Word. It should be coming soon.
According to CNET:
The malware can be disguised as important files or documents sent over email, meaning a student’s homework or an office presentation could be harboring the next attack. You might even have to worry about your finances: Researchers have found that during tax season hackers send spam emails pretending to be from a “tax officer” with a fake tax refund form attached as a Word document, with malware embedded.
The attack cannot be activated if people open the documents in Office’s protected view, McAfee said.
The exploit works like this: The attacker gives an RTF file a .doc extension name. Once the victim opens the disguised text document, it connects to the attacker’s servers and automatically downloads an HTML application file and launches it, giving the hacker full control of your device.
If the exploit is successful, it closes the downloaded Word document and creates a fake copy of it, while quietly installing malware in the background.