The Channel logo

News

By | Darren Pauli 30th April 2015 01:58

Macroviruses are BACK and are the future of malware, says Microsoft

It's 2015 and half a million people will still click on stuff we knew was bad in the '90s

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says.

Macro viruses took a battering over the last decade after Redmond spent a decade boosting security in its Office suites to reduce the likelihood that users would execute malicious macros.

Word processors throw warnings about unknown sources and relegates execution to a manual click-through process by which users would need to all but insist on infecting themselves before macros would run.

"Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide," Redmond's malware boffins say .

"The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run."

The United Kingdom and the US each soak up about a quarter of the total infections, way above the 20,000 p0wned boxes each in France, Italy, and Germany, and blasting the paltry Aussie total of 14,000.

Macro threat flow

Attackers do not appear to have reinvented wheels. Microsoft says they are using documents aimed to pique a victim's interest such as purported sales invoices, tax payments, and courier notifications.

The macro threats include Adnel; Bartallex; Donoff; Jeraps, and Ledod, which fetches trojan payloads or additional downloaders after execution.

"After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader," Microsoft says.

The company says users should stick to its decade-old advice and avoid executing macros while system administrators can block older versions of Office from executing and ensure security things are up to date. ®

comment icon Read 25 comments on this article or post a comment alert Send corrections

Opinion

Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella
Stranded_ships

Chris Mellor

Thousands of layoffs announced as spinning rust enters its death spiral

Features

STRASBOURG, JUNE 29, 2016: The seat of the European Parliament. by Marco Aprile for shutterstock. EDITORIAL USE ONLY
Plan b, image via Shutterstock
EU workers, new markets: post-Brexit pressure on May & Co
Tough question, pic via Shutterstock
Honest mistake with your licensing? Audit police look at it on a 'case by case basis'