Lead Image © Daniela Mangiuca, 123RF.com

Countering embedded malware attacks

The Return of the Macro Virus

Article from ADMIN 35/2016
By
With the resurgence of sophisticated macro virus attacks, new countermeasures are in order. We offer a few recommendations.

Embedded malware hidden as macros in Office documents, which automatically launch on opening, was extremely popular 15 years ago. To counter this, in 2001, Microsoft introduced a security policy in Office XP that prompted the user to decide whether or not to run code embedded in documents. This made macro virus attacks difficult to perform, so that other propagation paths became far more lucrative. Consequently, in the last few years, this form of malicious code has been almost completely forgotten, not least because manufacturers by default disabled macros in their products.

However, a Microsoft study from early 2015 shows evidence of a return of the macro virus. According to reports, within a very short time, more than 500,000 systems were infected by malware distributed in email spam. Today, macro viruses are again on the rise.

Hidden in Office Files

A macro virus is a piece of malicious code that exists as a standalone executable program but is embedded as a macro in a document. A macro can perform certain tasks automatically; in a macro virus, this capability is used to perform malicious actions, such as installing more malicious code. Files that contain a macro virus and are distributed via email are usually designed so that they appear inconspicuous to the receiver. Most users typically open invoices, reminders, and application documents without much thought.
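One way a mail gateway or analyst can check whether an Office attachment carries a macro before anyone opens it, as an added example that is not part of the original article. It relies on two facts about the file formats: modern Office files are ZIP containers that store a VBA project in a part named vbaProject.bin, and legacy binary Office files begin with the OLE2 signature. The function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro' or 'not-office' for raw file bytes."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can hold VBA; deciding needs a full OLE parser.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            types = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "not-office"
    # Inspect the container itself rather than trusting the file name:
    # look for the VBA project part and for macro-related content types.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    declares_macros = "macroenabled" in types or "vbaproject" in types
    return "macro" if has_vba_part or declares_macros else "no-macro"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-like ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "invoice.docx (constructed, has VBA part)": build_sample(True),
        "report.docx (constructed, no VBA part)": build_sample(False),
        "old.doc (constructed, OLE2 header only)": OLE2_MAGIC + b"\x00" * 504,
        "notes.txt (constructed)": b"plain text",
    }
    for label, blob in samples.items():
        print(f"{label}: {classify_attachment(blob)}")
```

A result of legacy-ole means only that the file is in the older binary format, which can contain macros; it still needs inspection with an OLE-aware tool before a verdict.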

Because macros are now disabled by default (Figure 1), many of these malicious files now contain step-by-step instructions for enabling macros. By suggesting that the document cannot otherwise be opened and read, the attackers lure the recipient into allowing the execution of macros. Additionally, targeted social engineering is used to pique the interest of the victims, and targeted attacks are performed on large groups of people and companies – often using file names such as

...