Feeds

Panic like it's 1999: Microsoft Office macro viruses are BACK

VBA IS NOT DEAD, shrieks infosec chap

Eight steps to building an HP BladeSystem

Macro viruses involving infected Word and Excel files were a plague in the late 1990s. Yet, like grunge music, the genre fell into decline as techniques and technologies moved on. More recently macro viruses have staged something of a revival, thanks to social-engineering trickery.

Windows executable malware has dominated macro viruses written in VBA (Visual Basic for Applications) since the turn of the century.

Users opening an infected document were exposed to malicious code that infected Windows PCs. The macro virus would spread into a user's Office template files before sneaking copies of itself into any subsequently edited documents. Examples of macro-based malware include the fast-spreading Melissa email worm from 1999.

Security improvements in Microsoft Office products blocked many such attacks, propelling macro viruses towards extinction in the process.

Yet recently macro malware has been making a return. Security researcher Gabor “Szappi” Szappanos of Sophos reports that more than half of the document-based attacks seen recently contain VBA macros aimed at tricking the user, rather than more esoteric exploit code designed to trick Office itself.

Miscreants are using social engineering rather than exploiting software bugs and built-in security shortcomings to push the latest generation of macros.

"Crooks often use the presence of macros in their documents as an excuse to suggest that the document is more secure than usual, claiming that the document is somehow 'protected' until you enable macros to decrypt or unscramble it," explains anti-virus veteran Paul Ducklin in a post on Sophos' Naked Security blog.

Szappanos' research on the revival of macro viruses can be found in an article by Virus Bulletin, entitled VBA IS NOT DEAD!, here.

Security software ought to catch the latest generation of macro viruses in most cases - but it would be foolhardy to rely on this line of defence. Szappanos offers a fool-proof way of avoiding infection - disabling macros: "There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled. If you receive a document with this advice, be aware: you are probably being attacked." ®

Maximizing your infrastructure through virtualization

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.