Macro Malware: A Revival?

Malware creators have revived macro malware using a simpler method: tricking users into clicking on the Word menu bar, which activates the virus without them noticing.

The computer contagion of the late 1990s is back. Macro viruses, the hitchhikers that plague our Excel and MS Office documents, were never lost at all. They have only been hibernating since the year 2000, while IT techniques and technologies developed over the years. Usually, opening an infected Microsoft Office document would trigger the virus to infect your Windows PC. Macro viruses are written in Visual Basic for Applications (VBA). They are automated: a virus can infect one Office file and spread by copying itself into documents edited later. In modern versions, macros do not execute automatically. They are blocked when you open the file, which left macro viruses almost extinct.

Paul Ducklin of Naked Security mentioned that the reoccurrence of macro malware was documented by a security researcher, Gabor Szappanos from Sophos in Hungary. It is a compelling piece that talks about the revival of the Visual Basic for Applications (VBA) programming language among miscreants. Szappi, as he is best known among readers, reported that over half of recent document-based attacks carry VBA macros aimed at tricking the user instead of tricking the Office application itself. The latest generation of macro viruses uses social engineering to trick users into activating the macro malware rather than taking advantage of security or software flaws.

At the end of January 2014, Szappi pointed out that VBA macros are disabled by default from MS Office 7 to newer versions. Word even displays a warning that macros have been disabled. His paper mentioned that macros can still be used as an infection vector, as in a Napolar distribution campaign in which the document is blurred out to trick users into activating macros in order to retrieve the entire content. Such documents give you the illusion that the content is protected, then give directions on what to click to activate macros, which downloads a trojan. It seems malware authors have fiendishly found new ways to trick users, and the results are definitely showing up in the virus lab. There are around 75 newly discovered variants and probably more to be seen.

Visual Basic for Applications is a favorite of malware creators because it is an easy programming language to write in. People exchange data and documents constantly, so many computers can become infected in a short span of time. Macro viruses are capable of infecting any computer that runs MS Office. Office files can be downloaded automatically through Internet Explorer, and documents can be downloaded from emails without asking the user to confirm. The goal of these recently discovered macro attacks is to infect a large number of users without them noticing. Szappi suggested that having a good anti-virus scan your Office files for suspicious macros before you use them will be helpful. Regardless of what the security software tells you, there is no valid reason why you need to activate macros just to view your document. Receiving a message asking you to execute macros is a signal that your document or computer is being attacked by malware.
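A pre-open check in the spirit of the scanning advice above, as an added example (not code from Szappanos's paper or from Sophos): it reports whether an Office file carries a VBA project at all, which is the first question when a document asks the reader to enable macros. The function names and sample files are constructed for illustration, and the legacy-format test is a byte-level heuristic, not a full parser.

```python
import io
import zipfile

# Header of the legacy OLE2 compound file format (.doc, .xls, .ppt).
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Legacy files list their streams as UTF-16LE names; a VBA project
# includes a stream called "_VBA_PROJECT".
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the Office file bytes appear to contain a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA stream name in the raw bytes.
        return OLE_VBA_MARKER in data
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        # OOXML (.docx/.docm/.xlsm ...) is a ZIP; macros live in vbaProject.bin.
        with zipfile.ZipFile(buf) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    return False


def triage(name: str, data: bytes) -> str:
    """One-line verdict for a mail gateway or download folder sweep."""
    if has_vba_macros(data):
        return f"{name}: contains VBA macros, do not enable content"
    return f"{name}: no VBA project found"


def make_ooxml(with_macros: bool) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed legacy-format sample: OLE header plus a VBA stream name.
SAMPLE_OLE = OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER

if __name__ == "__main__":
    print(triage("invoice.docm", make_ooxml(True)))
    print(triage("notes.docx", make_ooxml(False)))
    print(triage("report.doc", SAMPLE_OLE))
```

A positive result only says macros are present; whether they are malicious still needs an anti-virus scan or manual analysis.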

