Malware Macros on the road again

Malware macros are on the road again. After practically disappearing for ten years, someone got the malware macro band together again. They’re back and bigger than ever. They still deliver via email, but the bass line now has a new kick: a Trojan horse dropper.

First, what is a macro? It’s code used to automate a process in a file, usually Excel or Word, and usually a repetitive process such as creating a table in Word from an Excel spreadsheet that has been updated. Macros were very popular in 90s computing culture, and therefore they were used by virus writers quite a bit back then. A notable example is the Melissa virus.

For the last decade, Microsoft has disabled macros by default in Office. However, some clever virus writers have figured out how to get folks to enable macros so they can deliver their evil payload.

Panic like it’s the 90’s

Gabor Szappanos released a detailed breakdown of how it works on the Virus Bulletin Blog on July 2nd. This is a very technical article but the pictures show you how to identify if you have received one of these gems via email.

Most of the attachment looks blurry when you open it, except for a helpful bit of text telling you that this is a security feature and all you need to do is enable macros in your program (usually Word or Excel) to get the goods. Don’t do it!

If you do enable macros, you will let loose a Trojan on your computer.

Your antivirus program might help you here. But it is clear from the article that the programmers are constantly updating and improving the macro. So your antivirus might only protect you from last month’s version.
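Since signatures lag behind new versions, a mail filter or analyst can instead flag any attachment that carries a VBA project at all, whatever the macro does. The sketch below is an added example, not code from this post or the Virus Bulletin article; the function names and sample bytes are constructed for illustration, and the legacy-format check is a byte-level heuristic rather than a full parser.

```python
import io
import zipfile

# Header of legacy binary Office files (.doc/.xls, OLE2 compound file)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Stream name found inside an embedded VBA project, stored as UTF-16LE
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Return 'macros', 'no-macros', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA stream name in the raw bytes.
        # 'legacy-ole' means no marker was found, not that the file is safe.
        return "macros" if VBA_STREAM in data else "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = [n.lower() for n in z.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # an ordinary zip, not an OOXML document
    # Macro-enabled OOXML files keep their macros in a vbaProject.bin part
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macros"
    return "no-macros"


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word attachment (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "macro-enabled OOXML": sample_ooxml(True),
        "plain OOXML": sample_ooxml(False),
        "legacy file with VBA": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
        "plain text": b"hello",
    }
    for label, blob in samples.items():
        print(f"{label}: {macro_verdict(blob)}")
```

A "macros" verdict only says the attachment is able to run code once macros are enabled; it does not say the macro is malicious.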

Beware of attachments bearing macros.