New phishing campaign uses 30-year-old Microsoft mess as bait

The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files. As Internet Storm Center handler Brad Duncan writes, the vector in the Word documents uses Microsoft Dynamic Data Exchange (DDE), a feature that lets Office application …

  1. Mark 85
    Facepalm

    Since users have to okay execution, Microsoft steadfastly insists DDE is a feature, not a bug.

    So it's a buggy feature then with the bug in the users who click on everything?

    1. Amos1

      It's just an electronic Darwin Award. They sort themselves to the top by clicking on everything, they get encrypted and that removes them from the Internet. Everybody (else) wins.

      1. EarthDog

        Now you are blaming the victim.

        1. Anonymous Coward
          Pint

          Second word should have had a "not" beforehand. Really doesn't matter, much. The user is busy waiting for a pint to be served to them by the computer. And getting a poisoned chalice instead.

        2. Anonymous Coward
          Devil

          Now you are blaming the victim.

          In IT blaming the luser is always correct. If you don't know what you're doing, you shouldn't be doing it. I never understood why everybody is allowed to use a computer without a license...

          1. Anonymous Coward
            FAIL

            Re: Now you are blaming the victim.

            "I never understood why everybody is allowed to use a computer without a license..."

            The same reason you don't need one to use a set of ladders, a hammer and a drill.

            It's a tool (bit like yourself by the sounds).

            Far more people have been killed or injured by using the aforementioned than a computer, but I'm sure you are so superior you understand fully how to set up ladders safely and when to revert to scaffolding.

            And did you inspect your car tyres this morning? Thought not.

            1. Anonymous Coward

              Re: Now you are blaming the victim.

              Sarcasm not appreciated here <G>

              Anyway, for some professional use you may need a license, and undergo mandatory safety training. For more complex tools you may need to undergo courses/training before being allowed to operate a machine which can be dangerous. Just, today, you can create big damage by being unable to operate a computer properly.

              BTW: I inspected my car tyres Saturday, before a long weekend trip. Even if my car has pressure sensors. And will mount winter ones in a couple of weeks...

              1. Joe Montana

                Re: Now you are blaming the victim.

                General purpose computers are not suitable for most people, and aren't aimed at such... They are tools meant for geeks and well trained IT departments.

                Games consoles, iPads etc are more aimed at end users and don't require anywhere near as much maintenance as a general purpose OS.

            2. Anonymous Coward

              Re: Now you are blaming the victim.

              "The same reason you don't need one to use a set of ladders, a hammer and a drill.

              It's a tool (bit like yourself by the sounds)."

              Except DIY tools can't give someone the other side of the world the keys to your life and also pass the problem on to thousands of other people.

              "And did you inspect your car tyres this morning? Thought not."

              Whether he did or not, you seem to forget that using a car DOES require a license simply because it is a complex piece of machinery.

              1. alisonken1

                Re: Now you are blaming the victim.

                Actually, last time I checked, you only needed a license if you plan on driving on _public_roads_. If you own a large plot of land, then anyone you let can drive on that land without a license.

                Not so much because a car is complicated (only if you're a mechanic, a driver only needs to know how to make it go in forward or reverse, which pedal makes it go, which pedal makes it stop. Helpful is also where to put gas - hopefully without lifting the hood/bonnet), but because you are now on public roads where other people expect that they are not going to be run over or find out they've driven into a crash test dummy scenario.

                1. Anonymous Coward

                  Re: Now you are blaming the victim.

                  So you're advocating a license to get on the _public_internet_ instead of merely using a computer?

              2. This post has been deleted by its author

            3. John Brown (no body) Silver badge

              Re: Now you are blaming the victim.

              "The same reason you don't need one to use a set of ladders, a hammer and a drill."

              If you're using them at work, yes you do. Working at Height safety training, Asbestos awareness training (if drilling into the building fabric) to name but two.

              1. Mike Pellatt

                Re: Now you are blaming the victim.

                I was going to say exactly that, but you beat me to it by an hour or two :-)

                Try getting a job in construction without one of these

                https://www.cscs.uk.com/

                Or turning up without PPE.

            4. Kiwi
              Coat

              Re: Now you are blaming the victim.

              Far more people have been killed or injured by using the aforementioned than a computer, but I'm sure you are so superior you understand fully how to set up ladders safely and when to revert to scaffolding.

              And did you inspect your car tyres this morning? Thought not.

              Well, actually... I also know when NOT to use scaffolding even when the regs say it must be used! (ok, but NZ safety regs basically say if you want to work at 1m or higher you need full harness and all sorts of other protection - just about bad enough that an electrician kneeling on the floor to work has to have a safety harness attached nearby).

              And yes, actually, I did inspect my tyres this morning. Need 4 new ones sometime in the next month or so, maybe 2 since Christmas is coming up. 3 of them could be used as mirrors! (joke - for the humour impaired)

          2. Anonymous Coward

            Re: Now you are blaming the victim.

            @ never understood why everybody is allowed to use a computer without a license...

            One word: E. C. D. L.

      2. Flashfox

        I like your "Darwin Award" LOL

        Reminds me of people who ask me to help them with their computers and see that their browser window is about 2" tall. The rest of the browser's window is filled with search bars.

        When I point this out to them and dare ask why they have so many, the typical answer is "It was offered and I clicked on it". <-- That's why I like the Darwinian award for these people LOL

    2. Anonymous Coward

      I'm so sure that it's a bug in the user as prior experiences for the user included training conducted by the Microsoft Windows operating system that one should always just click through. So, from the perspective of this outsider, the users are actually just following Microsoft training guidelines.

      Maybe I'm missing something here?

    3. Mage Silver badge
      Facepalm

      Stupid MS Techs

      These are related stupidities. None should have been used, only ODBC and Named Pipes.

      Active X, esp. in web browser (IE only). (Much crazier than Java in Browser, which is crazy compared to Javascript or Actionscript). Active X should only be in native local programs.

      Really stupid designs:

      DDE

      COM

      OLE

      DCOM

      Macros and VBA in Office documents are a different class of problem.

      There are loads of other stupid things easily disabled that should never have existed such as Autorun (Imagine my horror when I discovered basic CD disabling left it active on Network shares and USB sticks!). Or the way USB HID works (not MS's fault, committee included Apple and Intel). Or uPNP/SSID services. Why also have Server service, Telnet, HTTP server, Remote Registry and Remote desktop on by default in most versions of Windows?

      History of Windows is some good ideas, bad implementation, NT security model made useless by applications only really designed badly for Win9x (no security) and totally STUPID installation defaults for 30 years.

      1. DF118

        Re: Stupid MS Techs

        "Macros and VBA in Office documents are a different class of problem."

        Seen some really rather cleverly obfuscated VBA code which spunked a small executable binary to disk byte by byte. Allowed to run on an air-gapped machine, the resultant exe created a small and very tenacious startup entry intended to grab and execute the real payload.

      2. BongoJoe

        Re: Stupid MS Techs

        ActiveX was developed in times when the internet was a wonderful place to be before spazzheads got to play. It had a few faults but it was a fabulous idea but came to a crunch when, if I recall, someone in Germany used ActiveX to hack into bank account details.

        Okay, it was developed in a young and vibrant, and very naive, time when the web was becoming bigger than the rest of the internet and perhaps it should have been reconsidered.

        As to your other items on your list. OLE was an early strategy that was very young and exciting when it came along. Who can forget the things that one could now do in the early worlds of Windows 3?

        As for COM. This is/was a brilliant design and worked well. The only downside is if an installation failed it was a bugger to untangle in order to get going again. It's good to code against because, hopefully, it just works: one creates an interface for someone else to use your application.

        I use COM daily in my own business which basically has my applications use MS Word as its report generator and it all works over COM. And it works brilliantly.

        As for VBA. I disagree. Yes, it can be misused but it can be a powerful tool. I've got an application that I have shared between my customers that they use. It does a lot of data analysis via piles of linked lists (double headed) and various binary trees and it does all sorts of stuff which one can't do in a simple spreadsheet.

        VBA is much derided as nothing more than a macro coding scripty thing. But it need not be. In my previous life as a software developer I was working for various clients in the City and I had Word's VBA interfacing, via COM, with various document management systems and contact databases to produce no end of documents and to make the users' lives that much simpler. There could be tens of thousands of lines of code behind some of the global templates (not to mention the document templates) which would do a hell of a lot more than simply scripting.

        It may never have been Flavour of the Month but it was a hell of a great technology and I remember at one time there being over 100 mainline applications with VBA. But your view may differ, and I understand that.

        As for DCOM, or "COM 'over there'", that was a right bugger to make that work and I would love something that was better designed so I am with you on that one.

        1. Anonymous Coward
          Holmes

          ActiveX developed in naive times?

          @BongoJoe: "ActiveX was developed in times when the internet was a wonderful place to be before spazzheads got to play"

          That's news to me as at the time, Microsoft was touting Windows NT as the next-generation e-commerce platform.

          1. BongoJoe

            Re: ActiveX developed in naive times?

            Walter, this I don't deny at all. But look at the number of anti-virus suites we had to have in those days? Next to none. The IT world was just waking up to the dangers of malware after NT was being developed.

            Yes, we had firewalls in those days and one or two server side malware packages (can't remember the name now) but the dark days of malware hadn't yet arrived in force.

            What I am saying is that, at the time, without the wonderful point of view of hindsight Active-X at the time was a wonderful idea, one that was utterly ruined by those seeking to abuse it.

            1. Mike Pellatt

              Re: ActiveX developed in naive times?

              They weren't more naive times.

              They were times exactly like today.

              Every security professional said "FFS, don't do ActiveX. It'll be a disaster waiting to happen"

              Microsoft said "Our customers want it. We're doing it"

              I remember this very, very well. Especially when the sierra-hotel-one-tango subsequently hit the fan.

              Rinse and repeat.

              1. JLV

                Re: ActiveX developed in naive times?

                >They weren't more naive times.

                totally true. +10

                i also remember how long it took MS to disable by-default autorun.

                and what was it, Melissa or I love you, that finally got them to turn active email VBA off, after telling the security community precisely that they could f*** off because it was a convenient feature demanded by "their users marketing dept"?

                Pre-capable JS/Java/Flash nasties, ActiveX was _the_ pest wrt security, perceived as almost as bad as downloading random Exes and running them. Luckily the web wasn't near as populated w nasties as now - but not through any good effort on MS' end.

                @BongoJoe - revisionism in either bad faith or cluelessness, not sure which. Not many people w half of half a clue thought like you in those days.

                1. BongoJoe

                  Re: ActiveX developed in naive times?

                  Not many people w half of half a clue thought like you in those days.

                  I would agree. Not many people with a demi-semi clue think, or thought, like most of us. Which I am happy to say because I wouldn't like to be on the same wavelength as those with a QuarterClue which, I may hazard, may be where you stand too.

            2. Anonymous Coward

              "But look at the number of anti-virus suites we had to have in those days? Next to none. "

              How old are you? Antivirus software was already a big business in the DOS days - even if very few PCs were connected to larger networks, and thereby nobody knew what a "firewall" was. Most infections were through infected executables and diskettes.

            3. Anonymous Coward
              Terminator

              Re: ActiveX developed in naive times?

              BongoJoe: "Active-X at the time was a wonderful idea, one that was utterly ruined by those seeking to abuse it."

              Active-X wouldn't be a problem if the underlying OS was secure. I mean if you're going to tout NT as an e-commerce platform, you should expect people to try and break in. Despite the current Wikipedia entry stating that Windows NT was 'not designed with Internet security in mind' Microsoft was touting NT as THE Internet platform as far back as 1995.

              1. BongoJoe

                Re: ActiveX developed in naive times?

                Hang on, I wasn't touting NT as the e-commerce platform at all.

                But, since you raised the issue. I have to ask, what was the alternative on the desktop at the time?

                I couldn't see anyone taking a previous incarnation of Windows seriously at this point. There was the Mac but the problem was writing applications for the platform and getting them approved before release. Unix had died in a series of (still continuing) lawsuits between SCO and about everyone else. Linux was still a very much niche operating system at the time and certainly wasn't going to be taken seriously by 'industry'. OS/2 was making a bit of an attempt of kick starting something but never got off the ground.

                Even NT didn't get going until NT4. 3.5.1 was a good improvement over 3.5 but it took NT4 to get going.

                At the same time the back end of Microsoft miraculously got itself together like in one of those rare moments when the planets align. Windows Server worked, the domains could stand up on their own but make sure that one had a back-up domain controller. SQL Server worked well and Exchange worked too, though that took a bit of prodding to get going and needed some real Exchange-heads to get it to work properly.

                On the front end we had NT4, a more or less working version of Office. Though what comprised Office was a strange permutation of any four from six applications: was Access in your version, did we have Publisher in another and was there Powerpoint? And we had Visual Studio as well.

                Everything lined up and for the first time we had a good and stable platform from the back end to the front end (okay, the TCP/IP was traditionally ropey as per Microsoft's wont) but we had something.

                And with this knocking out the like of Lotus and Novell losing ground too there wasn't any real competition any more to the new Microsoft. So when they stood up and said we're the new e-commerce platform it was a case of industry looking around at the alternatives at the time, shrugging its collective shoulders and saying "You know, I don't see anyone else so you'll do".

                With this it did bring some great technologies. COM as I have said before and got down voted for it was, and still is, excellent. And I will continue to stand by that. VBA was also a brilliant technology and it still offers a lot more back in 1997 than I can do now with a lot of these free office tools, especially those online.

            4. Kiwi
              Thumb Down

              Re: ActiveX developed in naive times?

              But look at the number of anti-virus suites we had to have in those days?

              Thunderbyte, F-Prot, Norton AV (pre Symantec I believe, when they were actually able to detect a virus!), McAfee, Avast, AVG, Avira, BitDefender, Dr Web, ESET, F-Secure, Kaspersky, Sophos, Trend Micro - all were around before 1998, some of these firms before 1990.

              I've got a feeling I've actually barely scratched the surface of what was available in 1997.

              We had a lot of AV suites back then. A BBS SysOp could spend a hell of a lot of their time playing with them just to decide what they'd have on their system and what they'd reject. That's how come I remember so many of them (damn I wish we had VMs back then!)

          2. Anonymous Coward

            Re: ActiveX developed in naive times?

            "That's news to me as at the time, Microsoft was touting Windows NT as the next-generation e-commerce platform."

            To much laughter it has to be said (apart from a few idiots who actually fell for the marketing BS). IIRC at the time MS still had to run Hotmail on *BSD and a lot of MS's own internal systems were on mainframes because Windows wasn't stable enough and didn't even get close to the stability of *nix until Win2000 came along.

      3. Anonymous Coward

        Re: Stupid MS Techs

        You never developed complex applications, it looks. OLE/COM/DCOM are the very same thing (DCOM adding the "distributed" part). ActiveX is still COM - with just some specific interfaces.

        Actually, the COM/DCOM security model is pretty sound, you can have ACLs down to the single method call, it just needs to be used properly.

        ODBC is not a generic model for interop and RPC. Using socket or named pipes, you're going to reinvent the wheel over and over. Unixes have RPC as well - how do you believe NFS works?

    4. JLV

      >bug in the users

      Well, yes... have you noticed how much of MS stuff flags everything as of concern and puts the onus on you to filter out possible threats?

      - UAC: are you sure you want to view your ODBC sources? Not update, mind you, view.

      - UAC: are you sure you want to open your own XLS, where you've been the only author, and run formatting-only macros, which don't access the system or the network? I've only asked you this 20 times for this XLS.

      - UAC: are you sure you want to allow running of unsigned Powershell scripts? Even when you're the author?

      Once you've been thoroughly conditioned into clicking yes on everything, then, yes, when something really nasty punches through MS's security theater, then it's your fault.

      What they're missing is a "are you sure you want to turn this computer on?" Then everything subsequent would be your fault*.

      * how naive I am - that bit's already in the EULA.

  2. This post has been deleted by its author

    1. Peter2 Silver badge

      To be fair, you can configure Office not to allow file downloads and act in a pretty much perfectly secure manner. It's just that most users* have no idea that you can download a GPO from Microsoft and then configure it to behave safely.

      * and most administrators, apparently.

      1. JLV

        >users* have no idea

        that's another pet sin from MS: even when they have the bits in place for more secure setups, the default config defaults to convenience over security:

        - I bitched that Windows passwords are limited to 16 chars - they're not, as another poster corrected me - MS hotmail logins are limited that way and since it's hard to see an alternative setup - 16 char for you by default.

        - Recently complaining that UAC didn't ask for a password, I was corrected that it does, if you're not set up as an admin account. Great, but at no point did the user config wizard ask me - user or admin? And then the machine was reinstalled at an MS Genius bar cuz it couldn't upgrade Win 8.1 Pro to 10 Pro (ironic that). - So their own professionals set me up that way again.

        - Now you're telling us - and it's appreciated - that if you jump through definitely not basic-user hoops you can have a more secure Office.

        it shouldn't be that way. Jekyll-MS has taken great strides since the mid 2000s to enhance security - they implemented ASLR before Apple for example. There's a proper(?) permission system for files, hidden somewhere too. But Hyde-MS insists on keeping all sorts of worst practices like not allowing to uninstall Flash and hiding security features away so as not to stress out our pretty little heads.

        Unfortunately for MS, consumer users are starting to have an idea: just go to a Mac or Linux and relegate Windows to games and/or specialized software in a non-secure context. Mac costs and Linux techiness are the main allies for MS but PC sales are still plummeting.

        If Linux or Apple ever spin up a credible desktop enterprise ecosystem, MS will be hit hard. They have a good story wrt business infrastructure but their recent inability to commit to their own new technologies is tarnishing even that. And sufficient pointless UI changes between versions are eroding popularity-via-familiarity.

    2. Anonymous Coward

      "I can't understand why Office doesn't run automatically in a sandboxed mode by default"

      It does.

      "where ALL file and registry, etc accesses need to be manually (or pattern based) approved,"

      It does. You have to approve any active content and enable editing when you open a document.

      1. Jon 37

        "You have to approve any active content and enable editing when you open a document."

        Except if you're trying to view a Word document with tracked changes, and want to see what was changed, then you have to "enable editing". So people get used to clicking "enable editing".

        Or if you're trying to view an Excel spreadsheet that has internal hyperlinks, and you want to click the links or even just see the link text, then you have to "enable editing". So people get used to clicking "enable editing".

        Then you have people who are trained to disable the sandbox mode because it doesn't work. It's not surprising they disable the sandbox when an attacker sends them a document.

        1. Anonymous Coward

          "Except if you're trying to view a Word document with tracked changes, and want to see what was changed, then you have to "enable editing". So people get used to clicking "enable editing"."

          But it's still sandboxed by default and it warns you before you do that. If someone random sends you a Word document and tells you that you need to view tracked changes, and you do it, the problem is not with Office...

          1. Kiwi
            WTF?

            But it's still sandboxed by default and it warns you before you do that. If someone random sends you a Word document and tells you that you need to view tracked changes, and you do it, the problem is not with Office...

            And it doesn't bother you that, by your own admission, viewing "tracked changes" is a vector for malware?

            What do they put in the water at MS HQ?

        2. el_oscuro
          FAIL

          What is one of the first things you might want to do with a document that you receive? Print it maybe? Well you can't do that from the sandbox/preview mode, so you have to "enable editing" just to print.

          So yes, that sandbox mode is totally useless, except for training users to click on everything,

          1. BongoJoe

            Oh, I really do agree. That was a complete mess because the act of printing changed some of the meta-data within the document and that caused no end of issues with change handling because it was a change. Especially if some numpty put one of those macro thingies in the footer which changed the date and time.

            And imagine that then in a legal document when the document changes between instances thanks to a printing. Bloody pain in the arse that is.

  3. Herby
    Joke

    Microsoft Windows...

    Is a feature, not a bug...

    Sorry, I must categorize this as a joke, but for some reason, it isn't that much of one.

  4. Anonymous Coward

    All your

    Microsoft Dynamic Data Exchange are belong to us.

  5. Anonymous Coward

    30yr old Microsoft Mess?

    And?

    Isn't it still a pile of steaming dog poo?

    Yet it is the darling of Wall St...

    My brain hurts and it is not even 07:00

    1. John Brown (no body) Silver badge

      Re: 30yr old Microsoft Mess?

      DDE predates MSOffice. It was around in at least Win3

  6. Frank Zuiderduin

    A 20-year-old mess? Been around since 1987? Erm... I seem to be missing a decade.

    1. Anonymous Coward
      Happy

      I know the feeling.

    2. InNY

      20 years ago it was 1997

      1987 is 30 years ago. So no lost decade.

      1. Prst. V.Jeltz Silver badge

        Re: 20 years ago it was 1997

        87 is before Office was a glint in Bill G's eye.

        So is DDE (dynamic data exchange) an industry term in use before Office, or the name of this particular feature/bug in Office? In which case how can it be older than Office?

        I'm basing all this on a quick Google, and Wikipedia says Office v1 - 1990

        1. Dan 55 Silver badge

          Re: 20 years ago it was 1997

          DDE was baked into Windows in 1987, again according to Wikipedia.

          (I should know, I've just edited it.)

  7. Jos V

    Outlook crap

    This is an issue of two steaming piles of crap. The first being the idiot accountants/procurement ppl, the second being Outlook.

    I handle POs and invoices aplenty, but never in my world do I open one if I didn't ask for one, or didn't expect one. And even if I do, I double check with the vendor directly. Only aardvarks with less of an IQ than a demented hamster open these malicious attachments and the only equipment they should be allowed to work with is a stapler and an unconnected copy machine.

    Just last week I received one of these "invoices" from a company unknown, and here's where Microsoft falls on its face. The attachment was in the form of "invoice.doc.jar". Does Outlook mark it as a jar file? NO. It shows a nice Word icon, as it doesn't look beyond the first extension name. My explorer settings are set to show all extensions and hidden files. Outlook happily does not comply. And why the hell does Outlook not flag a .jar file in an email attachment (why it even punches through corporate mail filters is equally questionable)?

    There is just no excuse for anyone employed by any company for opening these kind of attachments, but Microsoft sure is not helping!

    1. Christian Berger

      The sad thing is...

      ... that in many companies even technical roles are forced into using Outlook and Office products as well as Acrobat Reader.

      At the company I'm currently working at, we had one of those encryption malware incidents, which was just a matter of time as we have no actual security. The IT department was congratulated!

      1. Prst. V.Jeltz Silver badge
        Trollface

        Re: The sad thing is...

        ... that in many companies even technical roles are forced into using Outlook and Office products as well as Acrobat Reader.

        oh the humanity! did you want to decode your own mime in your head?

    2. Anonymous Coward

      Re: Outlook crap

      On the subject of extensions. I had to deal with a problem where a non-IT consultant to our company was sending us Word docs with two full stops in the filename before the 'docx' part.

      Shows as Word file, saves out from email as word file, but doesn't open in word.

    3. Anonymous Coward

      Re: Invoice attachments

      I get these at the rate of around 10 a week. It is amazing the number of Tier 1 companies that don't have email addys specifically for phishing emails.

      I guess they don't care. If my forward (including the headers) gets bounced then that company goes on my 'do not do business with' list.

      Proud member of MA (Microsoft Anonymous) for more than 1 year.

      {which will probably get downvoted but I don't care}

      1. Joe Montana

        Re: Invoice attachments

        If you forward an email which contains spam or phishing, it's likely the recipient's spam filter will pick up on the spam content and consider you a bad sender.

        I reviewed a bank where they set up a phishing@ address for customers to forward suspicious mails to, and they commented that they didn't receive many examples... Turns out their corporate spam filter was catching a majority of the suspicious emails forwarded by users, and they had no way to turn filtering off for just one address.

      2. Anonymous Coward

        Re: Invoice attachments

        What do you expect the Tier 1 companies to do with the phishing emails? yea, some scammer forged $COMPANYNAME on a phish email, that doesn't mean they can do anything about the botnet or scammer that generated the message.

    4. Fruit and Nutcase Silver badge
      Joke

      Outlook/Lookout

      At one place I worked, Outlook was referred to as "Lookout" by some in IT.

      Joke icon - if only

      1. chivo243 Silver badge
        Windows

        Re: Outlook/Lookout

        @Fruit and Nutcase

        Notlook is what we called it when we used it... and for the other MS train wreck we called it Outbreak Express... Fun times!

        1. Fatman

          Re: Outlook/Lookout

          <quote>Notlook is what we called it when we used it... and for the other MS train wreck we called it Outbreak Express... Fun times!</quote>

          You forgot the other train wreck: Internet Exploder.

          1. Pedigree-Pete
            Mushroom

            Re: Notlook/Lookout/Outbreak Express/Internet Exploder....

            Anyone else remember File Mangler (Win 3-ish)? PP

      2. dajames

        Re: Outlook/Lookout

        At one place I worked, Outlook was referred to as "Lookout" by some in IT.

        It's known as "Outhouse", around here.

    5. Prst. V.Jeltz Silver badge

      Re: Outlook crap

      @Joss V

      "'invoice.doc.jar'. Does Outlook mark it as a jar file? NO. It shows a nice Word icon"

      What version have you got? We're on a quite elderly 2010 version, and I just sent

      New Text Document.doc.jpg.jar.htm

      to myself, and it shows it as an htm doc - complete with all file extensions showing.

    6. John Brown (no body) Silver badge

      Re: Outlook crap

      "Does Outlook mark it as a jar file? NO. It shows a nice Word icon, as it doesn't look beyond the first extension name."

      Well, that certainly sounds like a bug to me. It's an elementary parsing error since the "." is valid in the filename for use other than an extension separator. For that matter, a file doesn't actually require a "." plus extension either, so that Outlook parse code is badly broken.
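      The complaint above, and the double-full-stop filename mentioned earlier in the thread, both come down to one question: which part of an attachment name should a mail client treat as the extension? As an added example (my own code, not Outlook's and not from the article), the Python below takes the text after the last dot, strips trailing dots and spaces the way Win32 does when a file is written, and tolerates names with no dot at all. The set of "active" extensions is a constructed, non-exhaustive list for illustration, not something the page supplies.

```python
import re

# Constructed illustrative set of extensions Windows hands to an interpreter or
# loader rather than a document viewer. Assumption for this example; not exhaustive.
ACTIVE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe",
    "wsf", "wsh", "hta", "jar", "msi", "ps1", "lnk",
}


def split_attachment_name(filename):
    """Split an attachment name into its dot-separated segments, the way the OS
    sees it: any path prefix removed, then trailing dots and spaces dropped
    (Win32 strips those when the file is created)."""
    base = re.split(r"[\\/]", filename)[-1].rstrip(". ")
    return base.split(".")


def effective_extension(filename):
    """Extension the shell uses to pick a handler: everything after the LAST dot,
    lowercased. A name without a dot has no extension."""
    parts = split_attachment_name(filename)
    if len(parts) < 2:
        return ""
    return parts[-1].lower()


def classify_attachment(filename):
    """Summarise the name for a mail-filter or UI decision.

    multiple_extensions is only a signal (archive.tar.gz is legitimate); the
    decisive field is 'executable', which is based on the effective extension
    rather than the first one."""
    parts = split_attachment_name(filename)
    ext = effective_extension(filename)
    tail = parts[1:]  # every segment after the first dot
    return {
        "extension": ext,
        "executable": ext in ACTIVE_EXTENSIONS,
        "multiple_extensions": len([p for p in tail if p]) > 1,
        "empty_segment": any(p == "" for p in tail),  # e.g. "report..docx"
    }


if __name__ == "__main__":
    # Constructed sample names, including the ones discussed in the thread.
    for name in ["invoice.doc.jar", "New Text Document.doc.jpg.jar.htm",
                 "report..docx", "update.exe.", "README", "archive.tar.gz"]:
        print(f"{name!r:40} -> {classify_attachment(name)}")
```

      The point for anyone writing a filter is that the icon or handler decision must follow the effective extension, and names that carry an empty segment, or several extension-like segments ending in an active one, deserve a closer look before the user sees a friendly Word icon.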

      1. BongoJoe

        Re: Outlook crap

        "Does Outlook mark it as a jar file? NO. It shows a nice Word icon, as it doesn't look beyond the first extension name."

        I wonder if it handles this differently if the diseased Hide Known Extensions option is disabled within what I call File Explorer?

        Sorry I can't test this as I dumped Outlook some years ago. I had enough of MS' improvements and have moved since to Thunderbird.

  8. Anonymous South African Coward Bronze badge

    Locky is a bastard once it encrypts your files.

    Even more fun if it encrypts the financial database on-the-fly and hundreds of users lose a day's work*...

    *at an ex-company who shall remain nameless.

    1. keithpeter Silver badge
      Windows

      @Anonymous South African Coward

      "Even more fun if it encrypts the financial database on-the-fly and hundreds of users lose a day's work*..."

      At least no delay then - didn't get into the backups.

      1. Prst. V.Jeltz Silver badge

        "At least no delay then - didn't get into the backups."

        That is the key with ransomware. The most important thing. When they make one that lies in wait for a couple of weeks there will be real chaos.

        1. Anonymous Coward
          Anonymous Coward

          They already do.

  9. Doctor_Wibble
    Paris Hilton

    Easy botnet-identifier list anywhere?

    I see stuff about botnets and what they are spreading but there doesn't seem to be a handy lookup table (seems to be the only thing I want these days!) for spotting which one is talking to you. Preferably not 'weather balloon'.

    There is a fair bit of variety between them in the SMTP conversation right from the first helo/ehlo which does seem to make them quite distinctive and identifiable and immediately trackable without having to process the message itself.

    Also, are we looking at a Halloween Special? The volume of attempts over recent weeks might suggest that but maybe people aren't so worried about tradition these days.
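    There is no lookup table on the page to reproduce, but the observation above, that a sender gives itself away at HELO/EHLO before any message content arrives, can be turned into a simple triage pass over connection logs. The following is an added example of my own, not from the article or any MTA, and the log lines are constructed in a simplified Postfix-like format for illustration only. The checks mirror the kind of HELO hygiene rules mail servers commonly offer: a bare or bracketed IP literal, a hostname with no dot, invalid label syntax, a sender claiming one of our own hostnames without matching reverse DNS, and no reverse DNS at all. The local hostname set passed to scan() is an assumption.

```python
import ipaddress
import re

# Constructed sample connection log (not real traffic), simplified format:
#   <time> connect from <rdns>[<ip>] helo=<helo-string>
SAMPLE_LOG = """\
2017-10-28T10:01:02 connect from mail.example.org[198.51.100.7] helo=mail.example.org
2017-10-28T10:01:09 connect from unknown[203.0.113.45] helo=203.0.113.45
2017-10-28T10:01:15 connect from unknown[203.0.113.46] helo=[203.0.113.46]
2017-10-28T10:01:30 connect from unknown[203.0.113.47] helo=WIN-7PC
2017-10-28T10:01:44 connect from unknown[203.0.113.48] helo=mx.ourdomain.example
"""

LINE_RE = re.compile(
    r"connect from (?P<rdns>[^\[\s]+)\[(?P<ip>[^\]]+)\]\s+helo=(?P<helo>\S+)"
)
# Hostname label: letters/digits/hyphens, no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")


def parse_line(line):
    """Return {'rdns', 'ip', 'helo'} for a connection line, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def ip_literal_kind(helo):
    """'ip_literal' for a bracketed address literal, 'bare_ip' for an
    unbracketed IP (not valid HELO syntax), None if it is not an IP at all."""
    bracketed = helo.startswith("[") and helo.endswith("]")
    candidate = helo[1:-1] if bracketed else helo
    if candidate.lower().startswith("ipv6:"):
        candidate = candidate[5:]
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return None
    return "ip_literal" if bracketed else "bare_ip"


def evaluate_helo(rec, local_names):
    """Set of hygiene flags for one connection record. An empty set means the
    greeting looked like an ordinary mail server; flags are signals, not verdicts."""
    flags = set()
    helo = rec["helo"]
    kind = ip_literal_kind(helo)
    if kind:
        flags.add(kind)
    else:
        labels = helo.split(".")
        if len(labels) < 2:
            flags.add("non_fqdn")            # e.g. a bare workstation name
        if not all(LABEL_RE.match(lab) for lab in labels):
            flags.add("invalid_syntax")
        # Claims to be one of our own hosts but reverse DNS says otherwise.
        if helo.lower() in local_names and rec["rdns"].lower() not in local_names:
            flags.add("claims_local_name")
    if rec["rdns"] == "unknown":
        flags.add("no_rdns")
    return flags


def scan(log_text, local_names):
    """Return a list of (ip, helo, flags) for every parseable line."""
    local = {n.lower() for n in local_names}
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            out.append((rec["ip"], rec["helo"], evaluate_helo(rec, local)))
    return out


if __name__ == "__main__":
    for ip, helo, flags in scan(SAMPLE_LOG, {"mx.ourdomain.example"}):
        print(f"{ip:16} helo={helo:24} {sorted(flags) or 'ok'}")
```

    Nothing here identifies a particular botnet by name; it separates greetings that look like a real mail server from ones that do not, which is the cheap first filter the comment is asking for, and it does so before the DATA stage so the message body never has to be processed.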

  10. John Smith 19 Gold badge
    Unhappy

    Like quite a lot of MS stuff DDE sounds powerful and useful, but is actually powerful and dangerous.

    Dynamic Data Exchange. IOW breaking a complex task into a series of simpler ones driving each other through links at the user level.

    AFAIK very few people have dug into the protocol enough to actually use it properly, except people who write malware.

    Another clever idea that should have changed the world (and sort of has).

    But not in a good way.

    1. Prst. V.Jeltz Silver badge

      Re: Like quite a lot of MS stuff DDE sounds powerful and useful, but is actually powerful and

      If users are going to click yeah, yeah, yeah, accept, OK, accept, continue, yes, yes... until something happens, there is little hope of avoiding malware.*

      You could just bung a load of VBA code into that Office doc and it would have done the same thing - you don't need obscure API thingies.

      *assuming at home without corp protection of GPO, firewalls, email filters etc.

  11. mark l 2 Silver badge

    It's just a social engineering problem: people get used to just clicking Yes and OK on dialog boxes because software keeps popping them up for the slightest thing to hold the user's hand all the time.

    If this vector wasn't so easy to just get the end user to click OK, and they had to follow some instructions such as 'Go into this menu, open this setting, untick this box, then click OK', they would be much more wary about doing it and probably 99% wouldn't do it.

    If the 'feature' is not useful to the majority of the users of the software it should be disabled by default and have to be specifically enabled to use it.

  12. Kiwi
    Linux

    I'm so saddened by this news :(

    How can I get malware like this? I want to play in this world of lost data and having to use "bitcoin" and so forth, but I'm not allowed to.

    Linux just won't weaken up the security, and LO doesn't have these security bugsfeatures.

    How can I play these games? Am I forever to be bored by my nicely secure system? :(
