Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


XML Files Containing Tainted Macros Help Spread Malware

Trustwave the security company cautions that cyber-criminals are cashing in on infected marcros concealed within Extensible Markup Language (XML) files as they attempt at spreading malicious software.

During the 1st-week of March this year (2015), researchers at Trustwave intercepted one spam campaign involving bulk e-mails containing a "remittance advice" attachment which supposedly arrived from different businesses. In those e-mails, recipients were directed for viewing the attachment that was actually one Word file but labeled as XML.

To open and view the file, Microsoft Word was necessary and in case the macros on the device were turned on, a malevolent code written with VBA (Visual Basics for Application) became active.

When turned on, the disguised macros pulled down Trojan Dridex via one distant server. Dridex filches banking details soon as victim signs into one Internet-based bank account. The Trojan waits on the computer till a targeted bank or credit company website is logged into following which it inserts an HTML into the site which directs the victim to give additional information such as card verification value (CVV), expiry date of the card, and social security number (SSN).

Threat Intelligence Manager Karl Sigler at Trustwave says never before was XML documents detected utilized as bait. With regards to macros they have been automatically turned off from the time Office 2007 was implemented. Threatpost.com published this, March 6, 2015.

Sigler continues that occasionally local 'admins' within large organizations possess the capability for enabling macros. While a few companies use them often, the practice isn't common. Usually, the default settings for macros are left. The reason why the cyber-criminals in discussion have used XML is difficult to understand. Possibly they are hunting one fresh attack vector after not receiving adequate click-through successes using spreadsheet files. Possibly they weren't acquiring users who would enable macros in the manner they desired so they are hunting one method for improving their success numbers.

However, for remaining safe from the spam run, it's urged that end-users don't view unsolicited spam messages as well as avoid viewing undesirable and unanticipated file attachments since they maybe malware-tainted, similar as within the aforementioned instance.

ยป SPAMfighter News - 3/16/2015

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page