DOCM files are Microsoft Word files, with the “M” standing for Macro. Macro files or codes should always been viewed with caution. This email came from a semi-advanced and semi-targeted email campaign directed at ICAS (Institute of Chartered Accountants of Scotland) members in the second quarter of 2014.


The file attachment within a Window folder. To most people it looks like a normal Microsoft Word file but note the ! mark.


A fresh and clean Windows 8 user directory.


A Microsoft Office warning, saying the document originated from the Internet and might be unsafe. Please enable editing in order to edit the document and use other features such as printing. This message is very common even on genuine files. Clicked enable editing.


This is a critical warning saying the document contains an active code and do you wish to enable. Clicked enable.


Without requesting it a new .exe file has appeared in the Windows 8 user directory.


Malwarebytes detecting the malicious newly placed file.

All of this happens in seconds and most people would not suspect that a Microsoft Office or PDF file is capable of this. Slowly cyber criminals are adopting new approaches to circumvent fairly clued up humans and technology.