Attachment Alert - "PDP.doc"

Created by Don Devenney
Apr 11, 2017
2 min read

We've just received notice from the Canadian Computer Incident Response Centre of a new computer vulnerability that is being actively exploited.  What’s concerning about this particular exploit is that it involves Microsoft Word document attachments and – this is the worrying part – the attachment name is likely to be “PDP.doc”.  Given that we at RRU are in the midst of “PDP Season”, it’s possible that even a reasonably attentive person could, under these circumstances, be tricked into opening such an attachment.

The attack is notable for several reasons. First, it bypasses most exploit mitigations: This capability allows it to work even against Windows 10, which security experts widely agree is Microsoft's most secure operating system to date. Second, unlike the vast majority of the Word exploits seen in the wild over the past few years, this new attack doesn't require targets to enable macros. Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened.

In addition to an attachment named "PDP.doc", you can look for attachments with names like:

 - !!!!URGENT!!!!READ!!!.doc

 - hire_form.doc

 - СПУТНИК РАЗВЕДЧИКА.doc

 - template.doc

 - docu.doc

IT-Services has taken steps to try and prevent these malicious attachments from entering our email system however the cyber criminals are quite resourceful and very determined to spread their message so we’re asking that you take the following steps:

a)      Be exceedingly careful opening ANY Microsoft Word attachments.  Please – take the extra step to verify that the attachment is legitimate before opening it;

b)      Do NOT send any file attachments named “PDP.doc” or “PDP.docx”;

c)       Do NOT open any file attachments named “PDP.doc” or “PDP.docx”; and

d)      If you must email a PDP document as an attachment please choose a descriptive name for it.  i.e. “J_Smith_PDP.docx”

If you receive an email with an attachment matching the above list, please DELETE the email.  DO NOT open the attachment - that will launch the malicious code.  If you have specific concerns, please email: securityawareness@royalroads.ca 

How to Contact the Computer Services Department

Submit a ticket
To submit a ticket, you will be required to log in using your FULL Royal Roads email address (detailed instructions here)
New! If you do not have a full RRU email address (students not currently in a credit program and/or visitors), you can create a portal account using your personal email address.
Email us at IT Customer Service
Contact Form
Phone: 250-391-2659 Toll Free: 1-866-808-5429
Come visit us in the Sequoia Building
Hours of Operation