Microsoft Word Email Attachments

by Ed Sawicki - President
Accelerated Learning Center
Tailored Computers

The recent widely publicized email viruses should have sensitized people to the dangers of sending active content along with email messages. Examples of active content would be Microsoft Word and Excel files that are attached to email messages. These files could contain macro viruses that could do substantial damage. The costs associated with having to clean up after a macro virus could be very high and could threaten the viability of a company.

Unfortunately, most email users seem to be unaffected by the dangers of viruses even in the face of warnings on nightly news broadcasts. I continue to receive email messages with Microsoft Word attachments. In some cases, the email message itself has no body text - the message is entirely contained in the attached Microsoft Word document. I would have to open the Word document to see what the sender has to say to me. My company policy is to reject all such email messages but send a message to the sender advising him or her that the message was deleted and the reason why.

Yesterday, I received an unsolicited message (spam) that had no message text but there was a Microsoft Word document attached. I replied with boilerplate text telling the spammer (a training company selling A+ certification courses) why the message was not read and suggesting that in the future they send plain text. The spammer replied (in plain text) saying how rude I was to not read her message and that she had not heard of such a policy before. She thought that my company was wrong to dictate to her how she should compose her email messages. She went on to say that in the past two weeks she had talked to about 150 people who HAD read her Microsoft Word document.

If companies that sell technical services are not sensitive to the problems of active content and viruses, what can we expect of the millions of non-technical computer users?

What does it say when only one out of 151 people ARE concerned?

The message in all of this is:

  1. If you're a consultant, there's a potential goldmine out there helping the clueless rebuild their systems and, perhaps, their businesses once they experience the inevitable severe attack.
  2. If you're an employee of a company that connects the clueless to the fragile corporate network, keep your resume up to date and always be ready to work elsewhere should the company fail due to a computer disaster.
  3. Always have an alternate career to fall back on.

The message for the attackers is that there's a target rich environment out on the Internet. No amount of warnings seem to convince office workers that they're in danger of corrupting valuable corporate data. Company management will have to take action to do anything about this ticking time bomb.