Short Bytes: The notorious macro malware from the 1990s is making a comeback in a big way. The latest security reports suggest that macro malware attack techniques have evolved with time and you need to be extra cautious. Read the article to learn how macro malware works and the steps to defeat such attacks.
Macro malware is back – it’s the latest word on the street – according to the security researchers at McAfee Labs. They have just released their regular threat report that outlines the latest security trends. Hiding in Word documents, macro malware first rose to the surface in the 1990s.
But why are we witnessing a sudden rise of macro malware in the last month? The McAfee Labs report tries to find out the reasons and mentions the steps that need to be taken to secure ourselves.
If you are an avid follower of security trends, you would remember the familiar message from about 20 years ago that read “Warning: This document contains macros.” Threats like WM.Concept (the first macro virus to spread through Word) and Melissa (the first mass-mailing macro virus) haunted PCs until Redmond took steps to calm them down.
How does macro malware work?
A macro automates a frequently performed task so that it can be carried out repeatedly. Macro malware is usually a piece of embedded code hidden in a document. If it’s attached to a Microsoft Office file, it’s usually written in Visual Basic for Applications.
Whenever the user of an infected PC performs an operation like opening a document or starting Word, the macro malware runs automatically. Due to the popularity of Microsoft Word, this malware spreads easily. When Microsoft recognized the threat, it changed the default Office configuration to stop allowing macro execution.
Why has macro malware returned?
Many big organizations use macros and expose themselves to the risk by leaving this backdoor open. As a result, hackers take advantage of the situation and use methods like social engineering to facilitate the return of macro malware. It is spread through spam email attachments with frequently changing subjects to avoid detection.
In recent years, the increasing popularity of the Office software has allowed macros to access more low-level PC features. During the past few quarters, we have noticed a huge increase in macro malware. As a result, the Office macro threat is at its highest level in the past six years.
How to defeat a macro malware attack?
After being around for almost two decades, the new breed of macro malware has become more efficient and flexible by utilizing features like PowerShell.
- To defeat such attacks, you are advised to install operating system and Office updates and patch vulnerabilities regularly.
- Use antimalware software and configure it to scan all email and attachments. Turn off the settings that allow documents to download and open directly.
- Don’t open unexpected documents received in emails and configure your browser security settings to the maximum level.
- Look for pings from IP addresses like 220.127.116.11 or 18.104.22.168, etc. from internal computers.
- Be extra cautious while opening empty documents that ask you to enable macros to view the content.
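
As an added illustration of the attachment-scanning advice above (this code is not from the article or from the McAfee Labs report), the following Python sketch flags Office attachments that carry a VBA project before anyone opens them. The function and sample names are hypothetical, the samples are constructed placeholders, and the legacy-format check is a byte-search heuristic, not a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")     # header of legacy .doc/.xls/.ppt files
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # stream name stored in a VBA storage
MACRO_FREE_EXT = {"docx", "xlsx", "pptx"}         # extensions that should never carry VBA


def triage_attachment(name, data):
    """Return findings for one attachment; an empty list means no VBA container was seen."""
    findings = []
    ext = name.lower().rsplit(".", 1)[-1]
    if data.startswith(OLE_MAGIC):
        # Heuristic: directory entry names in the OLE container are UTF-16LE.
        if VBA_STREAM in data:
            findings.append("legacy OLE document contains a VBA project")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            for part in names:
                if part.lower().endswith("vbaproject.bin"):
                    findings.append(f"OOXML part {part} is a VBA project")
            if "[Content_Types].xml" in names:
                if b"macroEnabled" in zf.read("[Content_Types].xml"):
                    findings.append("content types declare a macro-enabled document")
        if findings and ext in MACRO_FREE_EXT:
            findings.append(f".{ext} extension hides macro content")
    return findings


def build_zip(parts):
    """Build a constructed in-memory OOXML-style archive from {part name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part, body in parts.items():
            zf.writestr(part, body)
    return buf.getvalue()


# Constructed samples: placeholder bytes, not real documents or real macros.
CLEAN = build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<doc/>"})
MACRO = build_zip({"[Content_Types].xml": b"<Types><Override ContentType="
                   b"'application/vnd.ms-word.document.macroEnabled.main+xml'/></Types>",
                   "word/document.xml": b"<doc/>", "word/vbaProject.bin": b"placeholder"})
LEGACY = OLE_MAGIC + b"\x00" * 64 + VBA_STREAM

if __name__ == "__main__":
    for fname, blob in [("report.docx", CLEAN), ("invoice.docx", MACRO), ("old.doc", LEGACY)]:
        print(fname, triage_attachment(fname, blob) or "no macro container")
```

A finding only means the file can carry macros, so it is a reason to quarantine or inspect the attachment, not proof that it is malicious.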
Source: McAfee Labs