I got an email from my step mom, who never emails me, that went out to a huge list of people, titled “Sure would love to see you” and attached is a .docx document that says “Christmas Party.”
I am highly suspicious that her account got hijacked and is spitting out some sort of virus/spam to everyone on her contact list.
I’ll email my dad back and check with him about it, to see if it is legitimate, but he won’t be awake for several hours.
In general, can a .docx file contain a virus, that, when opened could infect my computer?
Am I already in trouble for just clicking on the email?
For what it’s worth, I was using the simplified HTML version of Gmail. I have not downloaded the attachment yet.
This is pretty usual. Yes, the document is probably tainted. Word files may contain macros that can be malicious, or other exploits.
The sender field in an email is trivially forged, and has no bearing on the real source of the email. You should be able to see the actual mail delivery headers in the mail if you explicitly try to, and this can usually reveal the real path the mail took to get to you. But the sender field is about as reliable as the sender’s address on the back of a physical letter. So it is as likely that her email account has not been hacked. But her computer may have a virus/malware that has slurped her contacts and is itself sending the email or the contacts have been sent to a bot-farm that is sending the email - or your contact details have been compromised and used to synthesize an email to you from one of your contacts.
Don’t open the attachment. That much is obvious. Worth checking for the whole range of breaches, but worry about malware on your and her computers, as well as checking her Gmail account. Usually, actual hijacking of mail accounts leads to much more targeted and worrying emails being sent than simple malware mailouts.
Sadly compromising of email accounts is common, with phishing emails asking you to “revalidate” or similar and providing a link to a bogus site that looks like Gmail (or whatever service) and asks you to provide your login. Even otherwise quite smart people fall for these, and get their accounts hacked. What happens next sometimes isn’t pretty.
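An added example, not part of the original posts: reading the delivery headers mentioned above with Python's standard `email` module, to compare the displayed From address against the envelope sender and the receiving server's authentication verdicts. The message, hosts and addresses are constructed sample data.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every host, address and date is made up.
RAW = """\
Return-Path: <bounce@bulk-mailer.example>
Received: from mx.recipient.example by inbox.recipient.example; Mon, 1 Dec 2014 03:10:05 -0800
Received: from unknown-host.bulk-mailer.example ([203.0.113.7]) by mx.recipient.example; Mon, 1 Dec 2014 03:10:02 -0800
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk-mailer.example; dkim=none; dmarc=fail header.from=webmail.example
From: "Step Mom" <stepmom@webmail.example>
To: undisclosed-recipients:;
Subject: Sure would love to see you

See attached.
"""

def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def header_report(raw):
    msg = message_from_string(raw)
    # Verdicts recorded by the receiving server; trust only your own provider's header.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    # Each hop prepends its Received line, so the last one listed is the earliest hop.
    # Lines below your provider's own entry are written by the sender and can be faked.
    received = msg.get_all("Received", [])
    first_hop = ""
    if received:
        first_hop = received[-1].split(" by ")[0].replace("from ", "", 1).strip()
    from_dom, env_dom = domain(msg["From"]), domain(msg["Return-Path"])
    return {
        "from_domain": from_dom,          # what the mail client displays
        "envelope_domain": env_dom,       # where bounces actually go
        "from_matches_envelope": from_dom == env_dom,
        "first_hop": first_hop,
        "auth": auth,
    }

if __name__ == "__main__":
    for key, value in header_report(RAW).items():
        print(f"{key}: {value}")
```

In the sample, SPF passes for the envelope domain while DMARC fails for the displayed From domain, which is the pattern a forged sender field produces. In Gmail the raw headers are available through "Show original".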
If you’ve already opened the .DOCX, it may not be that bad. Modern versions of Word and Excel have paranoid security settings by default, precisely because of such occurrences. If those settings are still in place, Word probably didn’t allow any macros to be executed, displaying instead a warning in a yellow bar at the top of the window.
ETA: Oh, I see you haven’t opened the .DOCX. Well, good for you.
I changed my Gmail password just to be sure. I haven’t done any phishing things but I really needed to change it anyway. It’s unique now and if it had been compromised, should be safe now.
Thanks for the good answers. I did know about how easy it is to spoof the “from” field in sending emails, but the fact that it went out to all of her contacts (several of which are people who are not in my contacts list, most in fact), made me think her account really did get hijacked.
Then again it might be a legitimate email. I’ll wait to hear back from my dad. I sent him an email and he usually checks his emails at around 7am pacific time.
I also regularly run Microsoft Security Essentials (it’s on all the time and I do somewhat frequent scans). But I’m also downloading Malwarebytes Anti-Malware and will run that.
I used to like Spybot search and destroy, but recent reviews seem to say that it’s absolute garbage. So I won’t be using that anymore evidently.
You may wish to make sure Windows shows end file extensions — as in .docx is really .docx.exe — Windows by default feels this information is too intoxicatingly dangerous for users.
Ah, that is a critical bit. I would be worried about the integrity of either her account, machine, or sanity :dubious:
She may have got it from someone else and decided it was cute and on-sent it. Doesn’t mean it is safe - such documents have been a favourite vector for malware.
Best practice is to check with the sender if you receive an unexpected attachment, the message body seems uncharacteristic, or the To list is large and random. Looks like you have all three.
Since 2007, a Word file with macros has an extension of .docm. If you save a file as .docx the macros will not be saved with it. (Prior to 2007 there was only one extension .doc regardless of whether it had macros or not.) If you save a .docm file then change the extension to .docx, Word will not open it, complaining that the file content does not match the extension.
If you have Word configured properly for security (e.g., Disable all macros with notification), it will notify you if you open a file that has macros and will run them only if you explicitly allow it. Starting with 2010, Office documents that come as email attachments are opened in Protected View, which won’t allow macros to run and won’t even allow you to edit the document unless you click a button to choose to.
This is key and a weakness of Windows that has been exploited for years. By default, Windows will not show you file extensions. You have to explicitly change the setting to see them. This is literally the first thing I change when I install a new version of Windows. Outlook observes this setting and you will not see the extension in an attachment. Dangerous files can be named destroymycomputer.docx.exe but to the user it looks like destroymycomputer.docx. However, this does not extend to web-based email clients, which can display file names however they want.
File extensions hardly matter. An executable payload could be renamed with the .docx extension, and depending on the configuration at the receiving end, the mail client, or browser, or OS may helpfully try to treat it as what it is, rather than what it is called.
I always display file extensions, and it is also the very first thing I do after doing a fresh Windows installation. Why Windows hides file extensions by default, I will never understand.
Trivia: a .docx is actually a .zip file that follows specific standards for what files it contains and how they’re organized. Rename one to .zip and check it out.
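An added example, not part of the original posts: a small Python triage routine that combines three points from the thread, namely the hidden double extension, the executable renamed to .docx, and the ZIP structure of Office files (a macro project stored as `vbaProject.bin`, or a macro-enabled content type under a .docx name). The function names, finding labels and extension shortlist are assumptions, and the sample packages are constructed in memory.

```python
import io
import os
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".js", ".vbs"}  # assumed shortlist
OOXML_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
DOCX_TYPE = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"

def triage_attachment(filename, data):
    """Return a list of findings for one attachment (empty list: nothing flagged)."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    # "party.docx.exe" is displayed as "party.docx" when Windows hides extensions.
    if ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1]:
        findings.append("double-extension")
    if ext not in OOXML_EXTS:
        return findings
    # The name is only a label, so look at the bytes themselves.
    if data[:2] == b"MZ":
        return findings + ["pe-header"]        # Windows executable behind a document name
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings + ["not-a-zip"]        # real Office 2007+ files are ZIP packages
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        types = ""
        if "[Content_Types].xml" in names:
            types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        findings.append("vba-project")         # VBA macros are stored in this part
    if "macroenabled" in types.lower() and not ext.endswith("m"):
        findings.append("macro-type-under-macro-free-name")  # .docm renamed to .docx
    return findings

def make_package(main_type, extra=()):
    """Build a constructed, minimal OOXML-like ZIP in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        for name in extra:
            z.writestr(name, b"\x00")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_attachment("Christmas Party.docx", make_package(DOCX_TYPE)))
    print(triage_attachment("Christmas Party.docx", make_package(DOCM_TYPE, ["word/vbaProject.bin"])))
    print(triage_attachment("party.docx.exe", b"MZ\x90\x00"))
```

An empty result only means none of these structural checks fired; it says nothing about exploits carried in a document that has no macros.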
Huh. Did not see that answer coming. Good to know - I thought .docx was pretty darn inert. What other ubiquitous files should I worry about? Basically anything from OpenOffice or Microsoft Office, I assume; what about audio/visual files?
Maybe it is a setting from the IT staff at work but whenever I get a Microsoft Office document in email, when I open the document, Office explicitly asks if I want to allow VB to run for that document. If the document has VB to run. This does not happen for documents saved that have not come from email. A similar thing happens for files downloaded with a browser.
Also I don’t understand the need to even allow hiding file extensions.
The explanation is simple.
It annoys me (as an IT worker) since I want to know, what type of file is it, but most computer users don’t even know what these file extensions mean. So it happens a lot of times that when they try to rename a file, they delete the extension – which in turn will render the file “useless”.
Whilst I agree with (what I think is) the thrust of your statement (that file extension is no reliable metric of safety or otherwise), can something like a plain text file contain a virus? Have you heard of such a thing?
I guess if ‘contain’ is taken in its most literal, bland meaning, a text file can contain the code of a virus, but it’s not going to be infectious in that state.
It depends what application has been used to create the text file. I don’t see any reason why you couldn’t create one that was binary identical to an executable file. A file is just a sequence of bits, after all. Certainly you can open exe files as text in many text editors, and they just display the non-ASCII bytes with special symbols. Using something like Notepad, no you probably couldn’t create such a file.
[ETA] OK, by “plain text” I guess you mean using ASCII (or Unicode) characters only. In that case no, unless the application opening the file was explicitly written to interpret the text as instructions, rather like MS Word might interpret macros embedded in docs.