Didier Stevens

Wednesday 18 November 2015

Maldoc Social Engineering Trick

Filed under: maldoc — Didier Stevens @ 0:00

Xavier has an interesting SANS ISC Diary entry on a malicious Word document we analyzed. The VBA macro code contains a function (func_FormatDocument) for which Xavier has no clear explanation. This function pulls of a social engineering trick. It “decodes” the document by giving the text with a white font color (thus invisible) a black font color, and by removing the headers.

I created my own document to reproduce this trick in this video:

Blog at WordPress.com.