Microsoft Corp. on Monday issued an emergency security warning saying that hackers have found a way to booby-trap certain common Word files with the .rtf extension.
Microsoft says it’s aware of attacks going on now, but there’s no fix yet to stop the hackers. It’s working on a way to stop the bug.
The only way to be sure your computer won’t get infected is not to open a document with the .rtf file extension until Microsoft says it’s fine to do so.
This is the worst kind of attack. A hacker who manages to get you to open a booby-trapped file can gain control of your computer. From there, the hacker can do all kinds of things. For instance, the hacker can turn your computer into a so-called zombie by putting it on an illegal botnet. That means hackers can use your computer as part of a bigger network of computers to do all kinds of illegal things — like send spam, spread viruses, and commit fraud.
Even scarier is that the hack could work in preview mode. That’s where you don’t actually open the file but view it in an email instead. Outlook, for instance, lets you preview attachments.
Microsoft is recommending that you block all .rtf documents from your computer. It released a free tool that will set that up for you.
While .rtf files are not the default for Microsoft Word — the default is .docx or .doc — this is not a strange or unusual type of document. RTF stands for rich text format. For example, it’s the default file format used by TextEdit, the free word-processing app that comes with Macs.
If people tend to email you a lot of Word documents, and you don’t want to block all .rtf documents, another good choice is to set your email program to display messages in plain-text mode, recommends security blogger Paul Ducklin on the Sophos security blog. The downside: This can make formatted emails, like newsletters, more difficult to read.