Even if you have antivirus software on board, think twice before trusting those email attachments. According to Proofpoint and others, the incidence of hostile payload–in this case the DRIDEX banking/finance Trojan–taking advantage of an MS Office vulnerability is on the increase.
Microsoft released the patch on April 11, but the lesson remains the same: There is a window of time between an exploit being discovered and the software vendor (or community project in the case of open-source code) being able to define, test, and implement a fix.
- Are you expecting the document?
- Do you trust the sender?
- Can you call or email someone to confirm what it is if you’re not sure?
Sadly, today’s rule for opening unfamiliar attachments or attachments from unfamiliar sources has got to be, “If in doubt–don’t!”