Hello, welcome to the Thursday, October 3rd, 2019 edition of the Sands and at Storms and as Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Got a post from Brad today about the latest version of Emot Head.

What's sort of different about this version is in how it actually

creates the spam emails it's using to trick other users into infecting themselves. In this case,

it went into the infected machine's email history and did pull an email out and then crafted a reply

with an attachment.

Now the email picked and the message added aren't really connected, so that seems to be all

pretty much random, but still of, this significantly increases the chances of someone falling for actually

opening and running the attachment.

The attachment itself is your standard Word document with macros.

So you have to enable macros and it will kind of trick you into enabling

macros by claiming that office is not activated.

And this is how the user is tricked into enabling active content, which then of course will

allow macros to run.

Personally, I have run into sort of occasional activation notices from office,

in particular if I wasn't connected to the internet and the like. So users may actually be

somewhat used to seeing messages like this, which of course then increases the probability

that they will actually enable macros.

I'm talking about some of these generic user awareness items,

Sands Security Awareness, released its latest OCH newsletter.

This is typically directed at a less technical audience than the audience usually

...