Displaying items by tag: Macros

Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of avenues for inserting a malicious payload on to a target system. Now some 20+ years later Microsoft is finally really doing something about this hole in their Office product. The are blocking all downloaded/external macros by default.

Published in Security Talk

In a list of things that should be killed with fire, Excel 4.0 Macros are high up. However, the fat that Spamming “services” like Emotet are still using Excel 4.0 Macros tells me that some are not getting the hint. According to recent research from TrendMicro, Emotet is using some very unconventional methods of obfuscating the C2 server IP addresses. The attack patter is the same, email with a poisoned Excel spreadsheet. This spreadsheet contains HTA with the command script, you know the drill.

Published in Security Talk
Tuesday, 08 July 2014 16:19

Macro Viruses Making a Comeback

In the mid-late 1990s the computer world was rocked by a new plague that spread very quickly through most Windows PCs that were running any form of Microsoft Office. This was the Macro virus and there were plenty of examples of these nasty little bits of Microsoft enabled code were written in a form of Visual Basic called VBA (Visual Basic for Applications). Think of VBA as a stripped down version of the more powerful programing languages.

Published in News