The resurgence in Office macro viruses shows no sign of slowing up. According to Sophos, attacks using Office’s built-in Visual Basic for Applications (VBA) now account for more than a quarter of all document-based attacks.
Earlier this year, we noted that malware writers were using social engineering to try to persuade users to enable harmful macros within documents attached to spam emails, thus working around Office’s built-in macro security. According to Sophos, while 6 per cent of detected document-based attacks used VBA in June, that rose to 28 per cent in July.
VBA templates are also now circulating in the wild, complete with notes on how to insert links to specific exploits and how to modify the code so that it’s potentially harder for anti-virus software to detect.
The key lesson? While macros can be very useful, most users don’t need them, so they should be disabled via policy. As usual, don’t open attachments from untrusted sources (the majority of attacks still rely on known exploits rather than macros, and that approach keeps them at bay too).
Hit the link for more details on how the new wave of attacks works.