For those who don’t know, macros are basically scripts embedded in files that are used to
automate tasks in different applications, such as Microsoft Word or Excel, but which can also
be used for malicious actions like installing malware.
THEY DID NOT REINVENT THE WHEEL
The revival of macro-based malware comes in conjunction with a well-known tool: social
engineering. As it turns out, it’s 2015 and people will still open things we knew were bad
back in the ’90s. For those handling IT matters for a company, this isn’t really a surprise.
Malicious files containing macro-malware, and the emails used to distribute them, are
intentionally crafted to resonate with the reader. With business-related topics such as sales
invoices, tax notices and CVs, readers can easily be tricked into opening the attachment
without thinking twice.
The victim is made to think that in order to actually access the data, he or she has to first
enable the macro. In fact, many of the documents include step-by-step instructions on
how the victim can enable the untrusted macros. The right combination of instructions,
relevant content and file names is often enough to convince the victim to enable the macro,
which allows the malware to run.
On the technical side of the game, today’s macro attacks have new tools to lean on,
because email and spam protection can usually handle such attacks. For example,
today’s macro-malware attacks can use zipped file attachments and cloud-based storage
services (such as Dropbox) in an attempt to evade scanners. For the more technical people
out there, it’s also worth noting that a number of these recent attacks have attempted to
execute macros by leveraging PowerShell, Microsoft’s task-based command-line shell and
Ways to keep them at bay:
1) Protect your email
2) Disable Macros (where you can)
3) Protect your end-points with modern technologies
4) Use up-to-date Office software
5) Employee education: Don’t open suspicious emails and files!
6) Employee education: Don’t run macros on your computer!
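
For the email-protection item, and for the zipped attachments mentioned earlier, here is a sketch of a mail-gateway check that unpacks ZIP attachments in memory and reports Office files carrying VBA. It is an added example, not code from the original article; the size and depth limits, the function names and the sample data are assumptions, and the legacy-format check is a byte-pattern heuristic rather than a full OLE parse.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in an OLE directory
MAX_DEPTH = 3                # assumption: how deep nested archives are unpacked
MAX_SIZE = 20 * 1024 * 1024  # assumption: per-member size limit (zip-bomb guard)


def find_macros(data, name="attachment", depth=0):
    """Return a list of findings for one attachment passed as bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: search for the VBA stream name instead of parsing OLE.
        return [f"{name}: legacy Office file with VBA"] if VBA_MARK in data else []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    if depth >= MAX_DEPTH:
        return [f"{name}: archive nested too deeply, not inspected"]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}!{info.filename}"
            if info.is_dir():
                continue
            if info.filename.lower().endswith("vbaproject.bin"):
                # OOXML (.docm/.xlsm, or a renamed .docx) keeps its macros here.
                findings.append(f"{name}: OOXML file with VBA")
            elif info.flag_bits & 0x1:
                findings.append(f"{path}: encrypted, not inspected")
            elif info.file_size > MAX_SIZE:
                findings.append(f"{path}: too large, not inspected")
            else:
                findings += find_macros(zf.read(info), path, depth + 1)
    return findings


def make_zip(members):
    """Build a ZIP in memory from {filename: bytes}; used for the sample below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()


# Constructed sample: a macro-enabled document placed inside a ZIP attachment.
SAMPLE_DOCM = make_zip({"word/document.xml": b"<w:document/>",
                        "word/vbaProject.bin": OLE_MAGIC + VBA_MARK})
SAMPLE_ZIP = make_zip({"invoice.docm": SAMPLE_DOCM, "readme.txt": b"see invoice"})

if __name__ == "__main__":
    print("\n".join(find_macros(SAMPLE_ZIP, "invoice.zip")))
```

Encrypted and oversized members are reported rather than skipped silently, so a gateway policy can quarantine what it could not inspect.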