Microsoft is drawing attention to a cybercrime campaign that relies on Office features to compromise Windows systems. Earlier this month Microsoft warned that attackers were firing spam that exploited an Office flaw to install a trojan. The bug meant the attackers didn’t require Windows users to enable macros. However, a new malware campaign that doesn’t exploit a specific vulnerability in Microsoft software takes the opposite approach, using malicious macro functions in an Excel attachment to compromise fully patched Windows PCs. The attack starts with an email and .xls or Excel attachment, which Microsoft is warning recipients not to open.
Jake Moore, Cybersecurity Specialist at ESET:
“Cyber criminals continue to target office applications and this classic little trick to make people enable macros still works many years after it was first used.
For years, criminal hackers have taken advantage of being able to take control of people’s machines by unsuspecting victims effortlessly enabling macros.
This particular exploit cleverly runs in the computer’s memory undetected by file based antivirus but it still comes back to one thing – training staff. Whatever happens, do not enable macros in that really important looking Word file attached – even if it does say it’s from the boss. Social engineering takes many forms but this one heavily relies on the use of authority and urgency as a principle of persuasion technique.”