Macro-based Malware & How to Protect Yourself Against Attacks

• 20 September 2016
• in: IT Security

There are various different types of malware and different ways that they have been built to infect systems. One of those types is called macro malware, which are essentially scripts that contain several commands for the automation of tasks for different applications through Microsoft Office documents. Characteristically, macro are provided as a mechanism for us to improve and work better with automations in Word, Excel etc.

 

 

Macros can be manipulated in Visual Basic for Applications (VBA) so that they can perform actions such as installing malicious malware.

 

Back in 1999, the infamous macro-virus Melissa was distributed via email using an attachment. When the Word document was opened it forwarded itself to the first 50 people in your Microsoft Outlook address book.

 

There was no defence against these kinds of macros in Word 1997 and Word 2000. After this incident, when Office XP was released in 2001, users were asked if they wanted to enable editing on all Word documents after they were opened to limit macros with embedded files. This is one of the main reasons why hackers stop using this technique.

 

 

However it seems that the creators of macros are now trying to tempted users into opening and enabling the virus by writing eye-catching email title to make you want to open the document. Such as: “Here is the receipt of your recent purchase”, or “Here is the report you asked me to generate for you” or even “Here is the offer you requested”. So keep in mind that from Word XP onward, even if you open an attachment, macros can’t be run due to the protection you will see the following message:

 

 

NEVER click enable editing if you are unsure about a document; if you click enable, this gives the macro necessary permission to start running, and if your antivirus is not updated you may not even notice that your systems is infected.

 

 

How can I protect myself from macro-based attacks?

If you see strange emails with unrecognised attached documents that you never requested, avoid opening the document as there is a 90% chance it’s an infection. Especially if you don’t recognise the sender, it is likely to be an infected document attached.

There are some ways to avoid the infection however they are not 100% guaranteed:

1. It is best to avoid enabling Marcos especially if you receive them from untrusted or unknown sources.
2. If your company does not use macros in its daily tasks then completely disable macros in the office.
3. Keep updating your Microsoft Office and Windows OS.
4. Ensure that your antivirus or anti-malware software is updated automatically on a regular basis.