Microsoft hacker attack: what you should do now

Fraudsters have developed a new virus which is attacking certain Microsoft programs. Here's how to protect yourself.

Hackers may have cracked open a “vulnerability” in certain Microsoft programs allowing them access to individual computers and the information stored on them.

If successful, fraudsters can gain control of a computer and be granted the same rights as the person using the computer.

The risk only exists on some Microsoft programs and the company is currently investigating the problem.

Microsoft security risk

Computers with the following Microsoft programs could be at risk: Microsoft Windows Vista, Windows Server 2008, Microsoft Office 2003-2010, and all supported versions of Microsoft Lync.

The scam works once the owner of the computer opens an infected file sent by the hacker. The file is likely to be sent as an email with a Word attachment file. Within this Word file there will be a malformed Tagged Image File Format (TIFF) image.

If any part of the attachment is opened or previewed, the virus will try to gain access to the computer and give the hacker the same rights as the person logged onto the computer.

The reported risks have so far been largely on computers in the Middle East and South Asia.

Dustin Childs, group manager of response communications at Microsoft, said: “We are aware of targetted attacks” but confirmed current versions of Microsoft Windows and Office were not affected by the issue.

Compare home insurance policies with lovemoney.com

What to do if your computer is infected

Microsoft says it’s currently working to create a security update which will be sent out to people at risk.  

But if you don’t want to wait until this arrives, there are some other measures you can perform to make sure you’re protected.

First you need to apply the Microsoft ‘Fix it’ solution program which can be downloaded from the website. This is not a replacement for a security update, but a temporary ‘workaround’ measure to block any attacks on your computer.

The website also lists potential scenarios where a computer program could be accessed and a full list of affected and unaffected software.

How to make sure you remain protected

Your computer security settings need to be regularly updated and you should have anti-virus and anti-spyware software downloaded.

If you’re sent an email with an attachment and you don’t recognise the sender, it’s always best to avoid opening it. Even if you do know the sender there is a risk their account has been hacked so watch out for signs such as spelling or grammar mistakes within the text.

Financial institutions will never ask for personal details via email. If you are sent a link within an email, copy and paste the address in a new web page instead of following it. It's also a good idea to Google any companies you've not heard of before.

Suspect emails or web pages should be avoided at all costs and if you come across one report it to a company such as Action Fraud and then delete it.

Get on top of your budgets with the MoneyTrack tool

More on scams:

Don't fall for this business rates scam

The banks with the worst online banking security

The University of Luxembourg research scam

Watch out for these HMRC tax refund scams

Online banking: How to stay safe

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.