Macro viruses — utilising Visual Basic for Applications (VBA) to execute code inside Office apps like Word and Excel — were the most visible form of malware at one point, but improved security in Office meant their prevalence has dropped dramatically in recent years. Now, however, it seems they’re on the prowl again.
Writing for Virus Bulletin, Sophos analyst Gabor Szappanos notes a rise in distribution of malware via rigged spreadsheets and other documents. The new approach relies on social engineering: rather than trying to circumvent Office’s built-in protections, it encourages users to enable macros instead:
This won’t work all the time, since some corporate environments permanently block macros and won’t offer you the choice. Nonetheless, it’s a reminder that the advice “treat attachments with extreme caution” remains valid, and is something you should reinforce throughout the organisation. As Szappanos points out:
There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled. If you receive a document with this advice, be aware: you are probably being attacked.
Hit the post for more examples of macros attempting social engineering.
[Virus Bulletin via Naked Security]
Comments
3 responses to “Office Macro Viruses Are Making An Unwelcome Comeback”
Rule #1 don’t open things you weren’t expecting.
But someone just transferred me 2 grand and the invoice is in this handy .rar file attached!
Well, that’s really an extremely threatening situation! I think experienced web users can never forget macro viruses and how they can damage a system to never recover again. If they are actually about to rise again, we ought to find/develop ways to prevent them before it’s too late. Thanks for the useful content and illustrations!