Xavier has an interesting SANS ISC Diary entry on a malicious Word document we analyzed. The VBA macro code contains a function (func_FormatDocument) for which Xavier has no clear explanation. This function pulls off a social engineering trick. It “decodes” the document by giving the text with a white font color (thus invisible) a black font color, and by removing the headers.
I created my own document to reproduce this trick in this video:
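A defender-side triage check for the white-font half of this trick, added here as an example and not taken from the post or from Xavier's diary entry. It assumes the sample is in the OOXML (.docm) format with the color set directly on the text runs; the function names, the 0.5 threshold and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def white_text_stats(document_xml: bytes):
    """Return (white_chars, total_chars) for the runs in word/document.xml."""
    white = total = 0
    for run in ET.fromstring(document_xml).iter(W + "r"):
        text = "".join(t.text or "" for t in run.iter(W + "t"))
        color = run.find(f"{W}rPr/{W}color")  # direct run formatting only
        total += len(text)
        if color is not None and color.get(W + "val", "").upper() == "FFFFFF":
            white += len(text)
    return white, total

def triage(ooxml_bytes: bytes, threshold: float = 0.5):
    """Flag a macro-carrying document whose text is mostly white."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as z:
        has_macros = "word/vbaProject.bin" in z.namelist()
        white, total = white_text_stats(z.read("word/document.xml"))
    ratio = round(white / total, 2) if total else 0.0
    return {"has_macros": has_macros, "white_ratio": ratio,
            "suspicious": has_macros and ratio >= threshold}

def build_sample(with_macros: bool) -> bytes:
    """Constructed sample: 20 visible characters, 80 white ones."""
    ns = W.strip("{}")
    doc = (f'<w:document xmlns:w="{ns}"><w:body><w:p>'
           f'<w:r><w:t>{"A" * 20}</w:t></w:r>'
           f'<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr>'
           f'<w:t>{"B" * 80}</w:t></w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        if with_macros:
            z.writestr("word/vbaProject.bin", b"")  # empty placeholder part
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample(with_macros=True)))
    print(triage(build_sample(with_macros=False)))
```

Text hidden through a style rather than direct run formatting, and legacy binary .doc files, are outside what this check sees.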
Please share the example of this doc. That template would help in security awareness phishing campaigns… (as well as for those in real phishing of course).
Thanks
Comment by jd — Monday 23 November 2015 @ 13:11
@jd Xavier has shared the VBA code in his ISC SANS Diary entry. Just copy the VBA code for function func_FormatDocument and use it in your Word document.
Comment by Didier Stevens — Monday 23 November 2015 @ 13:43