Macro viruses — utilising Visual Basic for Applications (VBA) to execute code inside Office apps like Word and Excel — were the most visible form of malware at one point, but improved security in Office meant their prevalence has dropped dramatically in recent years. Now, however, it seems they’re on the prowl again.
Writing for Virus Bulletin, Sophos analyst Gabor Szappanos notes a rise in distribution of malware via rigged spreadsheets and other documents. The new approach relies on social engineering: rather than trying to circumvent Office’s built-in protections, it encourages users to enable macros instead:
This won’t work all the time, since some corporate environments permanently block macros and won’t offer you the choice. Nonetheless, it’s a reminder that the advice “treat attachments with extreme caution” remains valid, and is something you should reinforce throughout the organisation. As Szappanos points out:
There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled. If you receive a document with this advice, be aware: you are probably being attacked.
Hit the post for more examples of macros attempting social engineering.
[Virus Bulletin via Naked Security]