There is one more reason now to watch out for the security of your PCs. The deadly VBA macro malware which infected millions of Word and Excel files during the 1990s has made a comeback. The curse of 1990’s, the VBA virus has almost come out of extinction to target Microsoft’s products again.
Gabor Szappanos, the researcher from the SophosLabs security, says that for the last decade, the VBA virus was rendered ineffective owing to Security improvements in Microsoft Office products. However, in recent months, a resurgence of malicious VBA macros has been observed – this time, not self-replicating viruses, but simple downloader trojan codes.
VBA macro malware
VBA macro is not dead, courtesy Social Engineering. Marked frequently nowadays, the VBA malware presence is found in exploited documents using one of the Office vulnerabilities to drop or download some trojans or backdoors.
Mentioning at Virus Bulletin, Sophos analyst Gabor Szappanos says,
“In all Office suites starting from Office 2007, the execution of VBA macros is disabled by default. Consequently, the VBA code will not execute in newer versions of Office. Furthermore, the user is warned on the Word menu bar about the fact that macros have been disabled”.
However, the security message may just not protect users as the attackers may prepare the content of the documents in such a way that it would lure the recipient into enabling the execution of macros, and thus open the door to infection.
Szappanos mentions that since the first appearance of this group of malware at the end of January 2014, at least 75 different variants have appeared. The most peculiar is one in which a blurred transaction report is placed in the document content, encouraging the user to enable macros in order to access the full content. Conveniently, instructions are provided as to how to enable the macros, including an arrow pointing to the exact location where the user is supposed to click.
The resurgence of VBA macro is a timely reminder that just antivirus programs would not alone protect your PC. Instead, you need to be aware of the other possible threats as well. For now, just be careful while you are asked to turn the macros ON.
