Macro Malware: An Unexpected Return

Editorial Type: Opinion     Date: 11-2015    Views: 2656   









The re-emergence of macro malware after more than 10 years, when it seemed to have died out, does not augur well, warns CYREN

If a specific malware distribution technique sticks around for any length of time, it's usually an indicator that the cyber bad guys find it worthwhile, says Lior Kohavi, CTO of CYREN. "There's little doubt that's the case with the sudden return of macro malware, following more than a decade of near extinction. After first re-appearing late last year, macro malware continues to turn up in inboxes worldwide."

Almost 16 years ago, the Melissa macro virus first appeared, quickly managing to infect some 20% of the world's computers - all through the simple technique of targeting a significant weakness in Microsoft Office applications' Visual Basic for Applications (VBA) macro processing.

"To avoid foregoing macro capabilities entirely, Microsoft provided a patch for all of its Office applications that offered what seemed to be a rather effective two-pronged defence," adds Kohavi. "The Microsoft patch displayed a pop-up window with a clear warning that indicated a macro was requesting to be processed. It then required the user to click on a button to either accept or deny the action.

"Following the patch, it became obvious that macro malware was no longer an appealing attack method, as it faded off into IT security history - or so most thought. It proved only to be a lengthy sabbatical."

RETURN TO FAMILIAR APPROACH
In November 2014, outbreaks involving billions of emails that contained new macro malware were suddenly back on security vendors' radars. "It turns out that cybercriminals turned to well-known, clever social engineering techniques to rapidly spread the threat," Kohavi states. "If the bad guys were initially unsure of its 'success', it certainly didn't show. The emails with macro malware came back with a relative vengeance in 2015.

"Of course, for the attacks to be successful, the user must be convinced the macro warning pane is insignificant. After all, they must be persuaded to actually click the button that enables the macro. Users are coerced by framing the situation, so that it looks harmless." Kohavi offers three specific examples:

Newer Version Tactic - Upon opening a file, the user is told that a newer version of the Microsoft Office application was used to create the document and they must click to enable macros, in order to display the document's contents.

Blurry Tactic - Upon opening a file, only a blurred image is shown, with legible text indicating the document is blurred for security purposes. Users are asked to click the enable button.

Incorrect Coding Tactic - Upon opening a file, illegible text immediately appears alongside a brief message asking the user to click the enable button, in order to fix incorrect coding.

"Totally new and encrypted variants of macro malware were also reported early this year", he continues, "including those that, in addition to simply downloading other malware, also feature expanded capabilities, gathering information such as network users, user account details and shared folders.

"By sending this information to remote servers, criminals can be armed with extremely helpful ammunition for further, more targeted, attacks - and it all stemmed from the VBS vulnerability that might seem unsophisticated, but is actually just as powerful as any other malware. It's yet another reason for all users to be ever vigilant."
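
A defender-side triage check for the three lures described above, added here as an example (not CYREN's or this article's code): it flags an Office Open XML file that both carries a VBA project and shows text urging the user to enable macros. The phrase patterns and the names `triage_ooxml` and `build_sample` are assumptions, and legacy binary `.doc` files are out of scope.

```python
import io
import re
import zipfile

# Hypothetical lure phrases modelled on the three tactics in the article;
# real campaigns vary the wording, so treat these as a starting point.
LURES = {
    "newer_version": re.compile(r"newer version of microsoft (office|word|excel)", re.I),
    "blurry": re.compile(r"blurred for (your )?security", re.I),
    "incorrect_coding": re.compile(r"incorrect (en)?coding", re.I),
}
ENABLE = re.compile(r"enable (macros?|content|editing)", re.I)


def triage_ooxml(data: bytes) -> dict:
    """Report whether an OOXML file carries VBA and which lures its text uses."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Macro-enabled Word/Excel/PowerPoint files store VBA in vbaProject.bin.
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        text = ""
        for n in names:
            if n.endswith(".xml") and n.startswith(("word/", "xl/", "ppt/")):
                xml = zf.read(n).decode("utf-8", errors="replace")
                text += " " + re.sub(r"<[^>]+>", " ", xml)  # drop markup, keep text
    text = re.sub(r"\s+", " ", text)
    lures = sorted(k for k, rx in LURES.items() if rx.search(text))
    asks_enable = bool(ENABLE.search(text))
    return {
        "has_vba": has_vba,
        "lures": lures,
        "asks_enable": asks_enable,
        # A macro alone is common in business files; macro plus lure text is the signal.
        "suspicious": has_vba and (asks_enable or bool(lures)),
    }


def build_sample(body: str, with_macro: bool) -> bytes:
    """Constructed test input: a minimal zip shaped like a Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", f"<w:document><w:body><w:p><w:r><w:t>{body}</w:t></w:r></w:p></w:body></w:document>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    lure = build_sample("This document is blurred for security. Click Enable Content.", True)
    print(triage_ooxml(lure))
```

Lure text rendered as an image, as in the blurry tactic, will not appear in the XML, so the `has_vba` result should still be reviewed on its own for mail from external senders.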
