Ursnif is back in Word documents to steal your identity
The long-standing Ursnif trojan is back in a new form to infect computers and steal personal information, all via a Microsoft Word document. To begin, we’ll repeat a warning we’ve been making for years …
No .doc files!
DO NOT open .doc files from any source (not .xls or .ppt either).
Most infected and dangerous Word documents use the old ‘.doc’ format which was replaced over a decade ago. Ursnif is just one of many nasties that need .doc format.
The new form of Ursnif Trojan tries to trick people into running the dangerous macro code by clicking the ‘Enable Content’ button. The document admits that it’s the old .doc format and falsely claims you need to click the ‘Enable Content’ button to view the document.
“This document created in previous version of Microsoft Office Word. To view or edit this document, please click ‘Enable editing’ button on the top bar, and then click ‘Enable content’”
In technical terms, this is known as ‘Bulls%$^t’.
The main trojan payload isn’t included in the document at all. The Word macros grab malicious code from the Internet. When that code is run, it collects your personal data then sends it out to criminals.
Office exploits have come a long way from simple, easy-to-read code. In those days, Microsoft tried to dismiss the whole problem by calling them ‘prank macros’, as if infected Office documents could not do any harm. They can. Don’t open them.
Here is a link to a free, online document converter that will quickly convert a .DOC file you may have received into a .DOCX file. Convert the document first, then open the .docx file.
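The "no .doc files" rule can be applied to a file's content rather than its name, since the extension is only a label. This added example (not from the original column) checks for the legacy OLE2 container signature used by old .doc/.xls/.ppt files and for a macro project inside a newer .docx-style package; the function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container


def classify(data: bytes) -> str:
    """Classify by content: 'legacy-ole', 'ooxml-with-macros', 'ooxml' or 'other'."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"
    try:
        # .docx/.xlsx/.pptx are ZIP archives; anything else raises BadZipFile.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = [m.lower() for m in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in members:
        return "other"  # a ZIP, but not an Office Open XML package
    if any(m.endswith("vbaproject.bin") for m in members):
        return "ooxml-with-macros"  # macro project stored inside the package
    return "ooxml"


def triage(name: str, data: bytes) -> dict:
    """Quarantine legacy and macro-bearing files; note names that hide the format."""
    verdict = classify(data)
    modern_name = name.lower().endswith((".docx", ".xlsx", ".pptx"))
    return {
        "verdict": verdict,
        "quarantine": verdict in ("legacy-ole", "ooxml-with-macros"),
        "name_mismatch": modern_name and verdict != "ooxml",
    }


def _zip(*members: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for m in members:
            zf.writestr(m, b"constructed sample")
    return buf.getvalue()


# Constructed samples: header bytes and member names only, no real documents.
SAMPLES = {
    "invoice.doc": OLE2_MAGIC + b"\x00" * 504,
    "renamed.docx": OLE2_MAGIC + b"\x00" * 504,
    "report.docx": _zip("[Content_Types].xml", "word/document.xml"),
    "form.docm": _zip("[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"),
}
```

Calling `triage(name, data)` for each entry in `SAMPLES` shows the legacy and macro-bearing files marked for quarantine, and the old-format file wearing a .docx name flagged as a mismatch.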
How to Change Your Email Address with the Least Hassle
HAVE A PLAN. KEEP GOOD RECORDS. START EARLY. DON'T RUSH!
Changing your main email address can be a time-consuming and frustrating process but it may be necessary. For example, it might be required if you switch to a different network or different ISP. Here are some suggestions that will, hopefully, help you avoid some surprises.
Probably you will have many organizations (companies, government departments, businesses, institutions, charities, etc.) as well as many friends and other people to notify about the change. Just figuring out whom to notify and how to do it can be a big chore.
When you try to update the email address in your accounts on the various organizations' websites, you will probably find that many of the requested updates don't work. I last changed my email address many years ago and almost a quarter of the well over 100 organizations I notified did not handle it well, if at all. (Updating personal correspondents is a lot easier.)
You may think you have successfully made the change thru an organization's website and then find they are still using your old address, maybe months later. The organization didn't change its records everywhere it should have when you told them to update the address. Some don't even provide a way for you to request a change. For a login ID, some use the original email address you entered at account-setup; however, they don't provide a way to change the login ID if you later change your email address. Some may refuse to accept the format of your new email address. Some even provide links to obsolete or non-existent "profile" web pages. You must just keep bugging the appropriate Support people (hopefully you can reach them) until they fix their problems or give you a workaround.
Getting completely switched over to the new address can take months. Don't wait until the last moment to start the change process, i.e., don't wait until just a few days before your old email address will stop working. You don't want important emails being sent into a black hole because the sender hasn't yet switched to the new address. Note that some websites require that you still have access to the old email address to authorize the change to a new email address. Presumably for a long time you will need the ability to send/receive with both the old and new email addresses.
With so much going on, it can be very helpful to keep a log of all the requested changes, as well as when and how you made them. Record any problems you had and how you resolved them or are trying to resolve them.
PLANNING AND NOTIFICATION STAGES: To help you see how much work might lie ahead, a few weeks before starting notifications about the email address change, it helps to do some prep work. I went thru all the websites I would need to notify about the change and made a list of what was required to do a "profile" update for each. I did no notifications yet; in fact, at this point I still did not have a fully tested new address. Finding out how to do the update at a website sometimes required a good deal of exploration since the update process was not always obvious. Having this how-to list made things much easier when I did the actual website updates weeks later.
Similarly, in this pre-notify period, I went thru all my email address books, trimming them down and using Outlook’s flagging and sorting facilities to group those people I would later notify. This made the later notifications easy to do. Also, during this time, I did text searches on my PCs to find miscellaneous files that had my current email address and might need to be updated. That meant I could very quickly switch to updated files when my notifications began.
In summary, I separated a lot of the work into a pre-notify planning stage to get a feel for what I was about to get into (and maybe to decide not to do the change at all if there was some showstopper). Of key importance was that I could do all this planning work well before I had even settled on a specific new email address. Having already done so much work in the planning stage also meant that during the later notification stage I could concentrate mainly on solving problems, which I knew would arise. The work done during the planning stage made the notification stage easier to do. This split into planning and notification stages worked out very well in my case.
WHY I CHOSE MY NEW EMAIL ADDRESS: SikhNet has been around for a long time. Moving from a private email server to Gmail is not a complicated process and you can leave your old email address active and forward all incoming mail addressed to that address to your new one. That way you don’t have to keep checking the old account.
For many other people, using something like Gmail (with IMAP) is a better solution than an ISP-hosted email account from whoever hosts your website, if you have one.
That's it for this month. Just a quick reminder to please share your tips or tech experiences with the rest of the Sangat. Just email me and tell me your story, and keep sending me your suggestions for column topics, along with your own favorite smartphone app recommendations and reviews so I can share them here with the rest of the Sangat.