

By Darren Pauli, 30th April 2015 01:58

Macroviruses are BACK and are the future of malware, says Microsoft

It's 2015 and half a million people will still click on stuff we knew was bad in the '90s

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says.

Macro viruses took a battering over the last decade as Redmond boosted security in its Office suites to reduce the likelihood that users would execute malicious macros.

Word processors throw warnings about unknown sources and relegate execution to a manual click-through process in which users all but have to insist on infecting themselves before macros will run.

"Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide," Redmond's malware boffins say.

"The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run."

The United Kingdom and the US each soak up about a quarter of the total infections, way above the 20,000 p0wned boxes each in France, Italy, and Germany, and blasting the paltry Aussie total of 14,000.

[Figure: Macro threat flow]

Attackers do not appear to have reinvented wheels. Microsoft says they are using documents aimed to pique a victim's interest such as purported sales invoices, tax payments, and courier notifications.

The macro threats include Adnel, Bartallex, Donoff, Jeraps, and Ledod, which fetch trojan payloads or additional downloaders after execution.

"After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader," Microsoft says.

The company says users should stick to its decade-old advice and avoid executing macros, while system administrators can block older versions of Office from executing and ensure security things are up to date. ®
