FutureFive New Zealand - Consumer technology news & reviews from the future
Story image
Macro-based malware is back, says Microsoft
Thu, 8th Jan 2015
FYI, this story is more than a year old

The Microsoft Malware Protection Centre (MMPC) has released a blog post to inform people macro-based malware is being used more frequently.

The MMPC has noticed an increasing number of threats using macros to spread their malicious code - infecting systems with techniques such as spam emails and social engineering.

Macros are used for Microsoft Office as they automate some processes and can boost productivity, but they can be exploited.

In order to reduce the number of threats, Microsoft has made the default setting to ‘Disable all macros with notification'. Since putting this in place, MMPC says the number of macro-related malware threat has declined.

New threats circumnavigate this by convincing users to manually enable macros which allows the malicious code to run.

Recent macro downloaders spreading through spam email campaigns target home users as well as enterprise customers. Adel and Tarbir are two examples of macro malware that peaked mid-December 2014 - these threats predominantly target customers in the US and UK.

Spam emails use subject lines such as ACH Transaction Report, DOC-file for report is ready, Invoice as requested, Payment Details, Remittance Advice from Engineering Solutions Ltd, Your Automated Clearing House Transaction Has Been Put On.

The names of the emails and attachments are designed to look like legitimate payment files to convince users to open them.

When the attachment of such emails is opened, and if the macros have been enabled, the malware will enter and infect the system.

The MMPC says to avoid further infection from these malware types keep in mind a file with a receipt or billing statement generally doesn't need to have any macros in it, be wary of unsigned macros and macros from an untrusted source, and be aware of tricks such as empty documents that make a user think they need to enable macros to see the content.