Since a few weeks an old malware family, Emotet, is back infecting thousands of systems all over the world. Emotet is best known as a banking trojan, trying to steal banking credentials. But it has grown into something much more dangerous.
The criminals behind Emotet make a new version a few times a day. This prevents anti-virus software detecting this malware, which in turn results in numerous new infections every day. Emotet uses macros in Office 365 (Word, Excel etc) documents to infect computers. As a counter measure Microsoft Word and Excel disable editing for documents from unsafe sources as standard. These are documents that are downloaded from a website or received through email.
Word and Excel do offer a button to enable editting and running macros. The criminals try to lure the victim into clicking the buttons.
Do not click the button.
Giving the document a sense of urgency is one of the tricks criminals use to prevent people from thinking before acting. Any text about Enable Editing or Enable Content is a sure indication this is malware.
Report the attempt to CERT-UT and delete the message.
If you want to help us fight these attacks you can train our spamfilter.
More tips about keeping your computer safe, can be found in our 10-step plan.
If you want to know more about Emotet, you can find information in the Proofpoint blog.
