The attack begins with the delivery of a Excel based Sudoku generator spreadsheet or a link to it. Once the victims download the file, they are urged to enable macros in Office Documents and given instructions on how to do it.
"Back in the 1990s, macros were the weapon of choice for cybercriminals. Microsoft responded by disabling macros by default, all but killing off the macro malware threat," Sophos researchers pointed out. "But macros are still in common use, and the trick used here is quite simple: if you want to generate a puzzle to solve, you have to enable macros."
But what the users cannot tell by looking at the file is that it actually contains two macros, and that the second one is tasked with downloading and running malware that gathers system information such as running programs and services; information on the computers' hardware, software and applied patches; information about the network to which the system belongs (if any), and more.
All this information is then encoded and sent to an aol.com email address.