New Malspam Disables Microsoft Office Macro Security

BACKGROUND:

A new malspam variant that bypasses Office macro security to download Zloader was disclosed by McAfee on their blog Thursday. The variant disables Office defenses and delivers the Zloader banking trojan using a Word document that downloads an XLS file. The XLS file in turn downloads and executes malicious DLLs (Zloader), with no malicious code present in the macro of the initial spammed attachment. An expert with Gurucul offers perspective.

Expert Comments

July 12, 2021
Saryu Nayyar
CEO
Gurucul

As pervasive as anti-malware software is, malware developers continue to come up with innovative approaches to infecting systems and devices. In the latest case, Microsoft reports that a phishing email with a Word attachment has the potential to take over systems. Opening the document causes it to download an Excel file from a remote server, whose contents are loaded into Visual Basic for Applications as macros. The Word doc disables the Excel macro warning and executes the macros, which download and execute the Zloader malware payload.

It’s a unique way of infecting a computer through several intermediate steps, and not actually downloading malware until the very last steps. Monitoring data on system downloads and executions will enable enterprises to identify a potential problem before Zloader can be executed. As attacks get more and more sophisticated, enterprises need an early warning system before malware can cause a crisis.
