Documents with malicious payloads

Malicious documents are another widely used attack type and are mostly initiated by social-engineering techniques. This attack type has gained in popularity over the last few years, after operating systems and popular software solutions were hardened against exploits. To tell the truth, running a macro through an Office document, or JavaScript through a PDF, is easier than trying to exploit software on a victim's PC. That's because this capability is embedded directly into the document-viewing suites to increase productivity, such as giving users a chance to create formulas or to increase the interactivity of the document. As in all other attack types, this capability is abused by cyber criminals to run a malicious payload on a victim's system and gain access to sensitive information.

As an example, malicious documents are still the number one infection vector for CryptoLocker attacks. Combined with social-engineering tricks, this attack type can be a powerful weapon for dropping whatever the attacker wants onto the victim's PC. Even though macro execution is disabled by default in recent versions of document viewers, cyber criminals still succeed in tricking users into enabling it through social engineering, as you can see in the following screenshot:

An example malicious document tricking the user into enabling macros

Alongside macro execution, we have recently started seeing a different method that allows attackers to run malicious code on victims' PCs. This attack uses Microsoft's Dynamic Data Exchange (DDE) feature in the Office suite. Even though it was first discovered in the 1990s, this technique gained popularity after security vendors and operating systems started disabling macro execution on users' machines. Even though this attack type requires multiple user interactions to execute malicious payloads, most users do not even read what the operating system asks for and just click the Yes button, which lets the attacker download whatever he wants to the user's machine.
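As an added example (not from the book), here is a defender-side triage script that checks an OOXML document for the two indicators discussed above: an embedded VBA project and DDE field codes. The sample documents it builds in memory, the part names it writes and the placeholder field string are constructed for the demonstration:

```python
import io
import re
import zipfile

# Field-code keywords that invoke Dynamic Data Exchange from a Word document.
DDE_FIELD_RE = re.compile(r"\bDDE(?:AUTO)?\b", re.IGNORECASE)


def scan_office_document(data: bytes) -> dict:
    """Inspect an OOXML (.docx/.docm) blob for a VBA project and DDE field codes."""
    findings = {"has_macro": False, "has_dde": False, "dde_fields": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Word stores VBA code in a binary part; its mere presence is a signal.
        findings["has_macro"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Scan every XML part under word/ so fields hidden in headers, footers
        # or footnotes are seen too, not only the main document body.
        for name in names:
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            # Field instructions live in <w:instrText> runs or in the w:instr
            # attribute of <w:fldSimple>. A keyword can be split across several
            # runs, so the instrText fragments are joined before matching.
            instr = "".join(re.findall(r"<w:instrText[^>]*>(.*?)</w:instrText>", xml, re.S))
            simple = " ".join(re.findall(r'<w:fldSimple[^>]*w:instr="([^"]*)"', xml))
            for text in (instr, simple):
                for m in DDE_FIELD_RE.finditer(text):
                    findings["has_dde"] = True
                    findings["dde_fields"].append(text[m.start():m.start() + 80].strip())
    return findings


def build_sample_docx(field_instr: str, with_macro: bool) -> bytes:
    """Construct a minimal OOXML container in memory (a test fixture, not a real file)."""
    doc_xml = (
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        '<w:body><w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
        f"<w:r><w:instrText> {field_instr} </w:instrText></w:r>"
        '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", doc_xml)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder VBA part
    return buf.getvalue()
```

To triage a real file, pass `open(path, "rb").read()` to `scan_office_document`; a benign field such as `PAGE \* MERGEFORMAT` produces no DDE finding, while any `DDE` or `DDEAUTO` instruction does.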
