Macroviruses are BACK and are the future of malware, says Microsoft

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says.

Macro viruses took a battering after Redmond spent a decade boosting security in its Office suites to reduce the likelihood that users would execute malicious macros.

Word processors throw warnings about unknown sources and relegate execution to a manual click-through process in which users all but have to insist on infecting themselves before macros will run.

“Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide,” Redmond’s malware boffins say.

“The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run.”

The United Kingdom and the US each soak up about a quarter of the total infections, way above the 20,000 p0wned boxes each in France, Italy, and Germany, and blasting the paltry Aussie total of 14,000.

Attackers do not appear to have reinvented wheels. Microsoft says they are using documents designed to pique a victim’s interest, such as purported sales invoices, tax payments, and courier notifications.

The macro threats include Adnel, Bartallex, Donoff, Jeraps, and Ledod, which fetches trojan payloads or additional downloaders after execution.

“After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader,” Microsoft says.

The company says users should stick to its decade-old advice and avoid executing macros, while system administrators can block older versions of Office from executing and ensure security things are up to date.
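Acting on that advice at a mail gateway starts with knowing which attachments can carry macros at all. The Python sketch below is an added example, not code from Microsoft or the original article: the function name and verdict labels are assumptions, and the sample files are constructed in memory.

```python
import io
import zipfile

# Header of the legacy binary Office container (.doc/.xls/.ppt).
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Content type that OOXML packages declare for an embedded VBA project.
VBA_CONTENT_TYPE = b"vnd.ms-office.vbaproject"

def triage_office_file(data: bytes) -> str:
    """Return 'macro', 'legacy-ole', 'no-macro', 'malformed' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Binary formats may hold VBA; the stdlib cannot parse them, so escalate.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {name.lower(): name for name in zf.namelist()}
            if "[content_types].xml" not in parts:
                return "not-office"  # a ZIP, but not an OOXML package
            types_xml = zf.read(parts["[content_types].xml"]).lower()
    except zipfile.BadZipFile:
        return "malformed"  # damaged archive: hold for manual review
    # Flag on either signal: the conventional part name or the declared type.
    has_vba_part = any(p.rsplit("/", 1)[-1] == "vbaproject.bin" for p in parts)
    if has_vba_part or VBA_CONTENT_TYPE in types_xml:
        return "macro"
    return "no-macro"

def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-like package; the 'VBA' part is placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample(True),
        "notes.docx": build_sample(False),
        "old.doc": OLE2_MAGIC + b"\x00" * 512,
    }
    for name, blob in samples.items():
        print(f"{name}: {triage_office_file(blob)}")
```

A `legacy-ole` verdict means the file needs an OLE-aware parser before macros can be ruled in or out; it is not a clean result.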

Source – http://www.theregister.co.uk/2015/04/30/macros_the_future_of_malware_says_microsoft/