not a day passes by that spammers/crackers/evil money addicted people try to infect your system with an word.doc attached to some mail from “police” “government” “paypal” “facebook” “google” “apple” or whatever.

here is the latest scam that:

a password encrypted word.doc to bypass virus scanners.

as soon as you open the document with MS Office and enter the password i bet (did not test) you will get ransomware infection (all your files will be encrypted and you will have to pay bitcoins to cracker’s address to get the key and possible some of your files back (maybe not all))

… another reason to use linux and open office… (although this is also no 100% protection).

for researches:

the attached files:


sha512sum: 59e0bc3309831ae9f4a15ad01e45217c2c8cb5d5458dfd10acf6d3582fbd42e5a6c09205d6cbb330d863ebc6c83279663b97a61c8bb2318625e6769f0042becc uscourtgov.com_scan_admin.doc

mail header:

Return-path: <>
Delivery-date: Wed, 09 May 2018 13:27:17 +0200
Received: from ([])
	by with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <>)
	id 1fGNFd-0007Bm-DT
	for; Wed, 09 May 2018 13:27:17 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;;
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default;;
Content-Type: multipart/mixed;
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\))
Subject: Case 137-28-ZGC
From: "Dominick Jones" <>
Date: Tue, 8 May 2018 13:29:03 -0700
Message-Id: <>
X-redirected: yes

This is a multi-part message in MIME format

Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit

Civil Action No. 3KC-UI-BXM

You're commanded to show up at the time, particular date, and place to actually admit at a deposition to be taken in this specific civil procedure.

Pass word to access the doc is 615145

Best regards,
Jerry Mcfadden
United States District Court

Content-Type: application/msword;
Content-Transfer-Encoding: base64
Content-Disposition: attachment;


resume: how to get more security?

to rely on virus scanners or other firewall scanning appliances can be as sophisticated as they want – they all rely on known virus patterns.

it is possible since 10 years to pack / create “individual” virusses that will bypass any virus detection system.

yes the world just got more complex – more work for admins = good or bad?

countermeassure1: easy

update your system / browser and UNINSTALL MICROSOFT OFFICE AND INSTALL LibreOffice / OpenOffice NOW!

countermeassure2: advanced

all computers that NEED access to mail and the dangerous javascript virus ridden www, need to run outside your corporate LAN and should only be accessible from corporate LAN in ways that do not allow file-access e.g. remotedesktop.

countermeassure3: extreme

after all meltdown and spectre meltdowns – what could lead to a more resilient it landscape is (just as in nature by the way): bio Diversity.

in computer terms: different kinds of prozessors / different kind of Operating Systems doing the important task. (e.g. intel and AMD CPUs of the last 20 years are known to be susceptible to meltdown and spectre but RISC-CPUs are not, like Freescale PowerPC RISC CPUs)

so if you want resilience in your it landscape: i guess you will have to run at least two servers doing the same task with completely different hard and software – and the task ought to be completed with two completely different programs with different concepts written in different languages.

sounds like a headache?

it surely is.

this is probably the most extreme kind of “error correction mechanism” you can imagine.

but i bet it works.

liked this article?

  • only together we can create a truly free world
  • plz support dwaves to keep it up & running!
  • (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
  • really really hate advertisement
  • contribute: whenever a solution was found, blog about it for others to find!
  • talk about, recommend & link to this blog and articles
  • thanks to all who contribute!