We received a mail from one of our clients who luckily did not open the attachment.
When the Word document is opened and then closed, the attacker’s code starts upon closing the document. It first sends the attacker all the information about your system, then collects the installed applications and reports back to the attacker. After that, the program downloads and installs various programs, one of them being a shell application.
What is a shell application and what can be done with it?
Basically, a shell application gives an attacker access to your computer's operating system and allows the attacker to do as he/she wants. This provides full control of your system in the background without you knowing the attacker is there.
Our client acted swiftly and remembered the training he was provided with. If not for that, he would have opened the document and would have been held for ransom today.