Microsoft says that Attacks with Macro Malware are Increasing

Winbeta.org reported on 28th April, 2015 stating that Microsoft has revealed that macro-malware attacks are increasing with minimum 500,000 machines all over the world are being affected at present although most of the attacks currently take place in UK and USA.

Macro viruses suffered a beating during last decade after Microsoft increased protection in its office suites for a decade to lessen the chances of users executing maligned macros.

Word processors show warnings about mysterious sources and relegate execution to a manual click-through procedure by which Internauts would require to everything but would insist on infecting themselves before macros would start running.

Theregister.co.uk published news on 29th April, 2015 quoting a technician of Redmond's as saying "Just when you feel that macro malware has vanished, we have witnessed an increasing trend of macro downloader over the past few months affecting almost 501,240 unique machines all over the world. The user opens the document believing that the document desires to work properly not knowing that it enables the running of the macro malware."

Attackers do not look to have rediscovered wheels.

Threatpost.com published news on 29th April, 2015 quoting an analysis of the attacks by the Microsoft Malware Protection Center as: "The macro malware-laden documents targeting users of email through spam emails are deliberately designed to tempt curiosity of any person. Users can be easily tricked to read email and open the attachment without thinking twice because of subjects like sales invoices, courier notifications, resumes, federal tax payments and confirmation of donations. The user opens the document thinking that the document needs to work properly not knowing that it enables the macro malware to run."

Once the macro runs, the malware either downloads the final payload or installs a second downloader which then reaches to a remote server and installs a Trojan. After that, the malware is off and runs putting the user in big trouble.

The Protection Center of Microsoft concludes that the best defense against this type of attack is to ensure that macros are disabled by default and to educate users about the danger of enabling them.

» SPAMfighter News - 5/6/2015