Beware of old-school malware techniques


Malicious Word documents are making a comeback.

According to security vendor Sophos, there's been a resurgence in the use of booby-trapped Word documents to spread malware.

Microsoft Office includes a programming language called VBA, which is intended to allow users to automate repetitive processes with what are known as macros. The problem is that people have developed off-the-shelf kits that make it easy for the criminally minded to rig a Word document so that opening it triggers a macro that automatically downloads and runs a piece of serious malware.

Sophos warns that this method is being used to distribute banking Trojans (malware that tries to steal your online banking credentials) and ransomware that encrypts your files. (See Is Malware all that Bad, Really?)

While we've learned to be careful about opening attachments, Word, Excel and PDF files are such an everyday part of working life that they may duck under our guard, especially if they come with a convincing cover message. Sophos says the ransomware attacks pose as invoices, or as résumés from jobseekers.

And even if you have disabled macros, the documents tell you that you must enable them in order to see the content. Sneaky, huh?

Sophos's advice is that this should be considered a red flag, and that any document that asks or tells you to enable macros should be considered untrustworthy. 

While the dodgy attachments and the files they attempt to download should be detected by your security software, there's always the risk that you'll be one of the first to receive a new variant before it can be recognised, so another recommended measure is to set your email server or scanner to block incoming Office files that contain macros.
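As an added illustration of that last measure (example code written for this page, not taken from Sophos or from any mail product), the sketch below decides from an attachment's bytes, not its file name, whether it is an Office file carrying VBA. The function names and sample files are constructed for the example; the legacy-format check is a byte-pattern heuristic, and blocking unreadable archives is an assumed policy choice.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc/.xls/.ppt container
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
OOXML_VBA_TYPES = (b"application/vnd.ms-office.vbaProject", b"macroEnabled")

def has_macros(data: bytes) -> bool:
    """True if the attachment bytes look like an Office file carrying VBA."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project adds a "_VBA_PROJECT" entry to the directory.
        return OLE_VBA_MARKER in data
    if not data.startswith(b"PK"):
        return False                      # not an Office container at all
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                types = zf.read("[Content_Types].xml")
                return any(t in types for t in OOXML_VBA_TYPES)
            return False
    except Exception:
        return True                       # unreadable container: fail closed

def build_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not real documents.
PLAIN_TYPES = '<Types><Default Extension="xml" ContentType="application/xml"/></Types>'
SAMPLES = {
    "invoice.docx": build_zip({"[Content_Types].xml": PLAIN_TYPES, "word/document.xml": "<doc/>"}),
    "invoice.docm": build_zip({"[Content_Types].xml": PLAIN_TYPES, "word/vbaProject.bin": b"x"}),
    "resume.doc": OLE_MAGIC + b"\0" * 504 + OLE_VBA_MARKER,
    "notes.doc": OLE_MAGIC + b"\0" * 504,
    "truncated.docx": b"PK\x03\x04 not a real archive",
}

def triage(samples: dict) -> dict:
    """Map each attachment name to the gateway action for its content."""
    return {name: "block" if has_macros(data) else "allow"
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, action in triage(SAMPLES).items():
        print(f"{action:5}  {name}")
```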

If you're technically inclined, Sophos goes into more depth about the way this all works here.

Copyright © BIT (Business IT). All rights reserved.
