Microsoft has warned Office users that viruses delivered via Word are back – and this time they could be even worse news for their victims.

By tricking users into opening malicious files, cyber criminals can change their browsers’ proxy settings to route their web traffic through their servers.

This means the hackers are able to steal victims’ usernames and passwords, as well as gathering information on their browsing habits.

“Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows,” Microsoft said in a blog post warning users of the new threat.

“Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10.”

It said that in a typical attack, users receive an email with an Word document attached. Inside the file, they are tricked into running a script by double-clicking on an object.

If the user gives it permission to run, the malware installs browser certificates and the Tor client and changes their proxy settings.

This enables the cyber criminals to see all web traffic – including HTTPS – and alter websites to deliver phishing and advertising campaigns, Microsoft said.

Subsequently, they could steal sensitive information and web credentials, possibly without the user even being aware that something is amiss.

“To avoid attacks like we have just detailed, it is recommended you only open and interact with messages from senders and websites that you recognise and trust,” Microsoft said.

“For added defence-in-depth, you can reduce the risk from this threat by following the guidance in our previous blog post on how to adjust the registry settings to help prevent OLE Embedded Objects from executing, or from running without your explicit permission.”

You may also like...

Keep Up To Date - Subscribe To Our Email Newsletter Today

Get the latest industry news direct to your inbox on all your devices.

We may use your information to send you details about goods and services which we feel may be of interest to you. We will process your data in accordance with our Privacy Policy as displayed on our parent website