Pinterest Stumbleupon Whatsapp
Ads by Google

There are a few basic rules of protecting your computer from malware Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats Viruses, Spyware, Malware, etc. Explained: Understanding Online Threats When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Read More : if you use antivirus software, run your updates regularly, don’t go to questionable websites, and don’t open mysterious files, you’ll be pretty safe. But did you know that your computer can get infected from malicious Microsoft Office documents? And that you could easily be duped into enabling the settings they need to infect your computer?

Here’s the low-down on the risk, and what you can do to stay safe.

Macro Malware

Macro malware, despite how it sounds, is not the opposite of micro-malware. A macro is a small program that functions within another program; they’re often used in Excel spreadsheets to automate repetitive processes (like sending emails from a spreadsheet How To Send Emails From An Excel Spreadsheet Using VBA Scripts How To Send Emails From An Excel Spreadsheet Using VBA Scripts In the past, I’ve used email a whole lot in my batch jobs and other automated scripts, just like I’ve described in past articles. These are great for those times when you have a script... Read More ). If you take the same steps dozens of times in a single week, you can create a macro to make the process much faster and less effort-intensive. This makes them very useful—and very commonplace—in companies that work with large sets of data. Engineering firms, accountants, programmers, administrators, and anyone else working with spreadsheets can benefit from using macros.

macro-malware-code

In Microsoft Office apps—including Word, Excel, and PowerPoint—a language called VBA (visual BASIC for applications How You Can Make Your Own Simple App With VBA How You Can Make Your Own Simple App With VBA For those of you that would really love to be able to write your own application, but have never typed a single line of code before, I'm going to walk you through making your very... Read More ) is used to create these macros. It’s a very simple language that’s easy to work with and, like other languages, can be used to accomplish a wide variety of tasks. One of those tasks, you might be surprised to find out, is to download malware to your computer.

Downloading and running executable files from unknown sources is a big security no-no, and most people know that. However, a macro can download and run a program without alerting you in any way. While you’re looking at the document, the VBA app will reach out to a URL, download a file, and run it, infecting your computer with malware. (If you’re interested in the specific code behind it, a downloader will usually use the URLDownloadToFile() function or the XMLHTTP object with a .Open method.)

Ads by Google

macro-malware-download

What sort of malware do macros download? It could be anything, but according to Sophos’ Naked Security blog, the most common types of malware used in the recent attacks are bank-information-stealing apps and ransomware Don't Fall Foul of the Scammers: A Guide To Ransomware & Other Threats Don't Fall Foul of the Scammers: A Guide To Ransomware & Other Threats Read More called CryptoWall, which locks down your files and demands payment to return them to you.

Why Macros?

Macro malware was popular in the ’90s, but has fallen out of popularity over the past decade or so. So why is it coming back now? Because people have forgotten about it. Other avenues of infection became more common, and VBA was passed up, making people less suspicious of Office files they received. Most people don’t think twice about enabling macros, especially if a document tells them that they should.

Executable files are a major culprit when it comes to infecting computers with malware—many companies now block emails that contain executable files in an attempt to prevent infiltration of their computers. But Office documents with macros are sent back and forth all the time, and few people know that these sorts of attachments can be dangerous How To Spot A Dangerous Email Attachment How To Spot A Dangerous Email Attachment Emails can be dangerous. Reading the contents of an email should be safe if you have the latest security patches, but email attachments can be harmful. Look for the common warning signs. Read More .

macro-malware-attachments

In addition to reduced notoriety, it can be difficult for anti-virus programs to react to macro malware. While the installer has all the time in the world to download and install the malware payload, anti-virus software needs to react very quickly when you’re opening a document to tell you if it’s safe. Hiding instructions in a macro and using some programming tricks to disguise the code makes it much more difficult for your watchdog software to catch it.

How to Protect Yourself

Fortunately, the strategy for keeping yourself free of macro malware is a simple one: don’t enable macros. Microsoft Office will warn you if you’re about to open a document that contains a macro, and will give you the option of enabling or disabling macros. If the document came from anyone other than your IT department or a highly trusted source, keep them disabled.

To make sure that Office gives you this warning and allows you the chance to disable macros before they’re run, go to Trust Center > Trust Center Settings > Macro Settings and select Disable all macros with notification (on a Mac, this setting is in Preferences > Security). If your organization has selected another option as the default, you may need to get help from your IT department.

macro-malware-excel-security

It should be noted that some documents will contain instructions telling you that you need to enable macros, sometimes even for “security purposes.” Don’t fall for this. If a document tells you to enable macros for security, you should be immediately suspicious. If it tells you to enable macros for any reason at all, you might want to double-check with the source of the document to make sure that it’s clean. Macros aren’t required for security, and they’re rarely required for anything else (though they might make some tasks quite a bit easier).

Also, you should consider blocking any emails that originate from outside of your organization if they contain macros—Sophos products will allow you to do this, and you may be able to with other security software as well.

Don’t Get Caught by Macro Malware

Like most malware, you can prevent infection by macro malware using a few simple steps and some common sense 7 Common Sense Tips to Help You Avoid Catching Malware 7 Common Sense Tips to Help You Avoid Catching Malware The Internet has made a lot possible. Accessing information and communicating with people from far away has become a breeze. At the same time, however, our curiosity can quickly lead us down dark virtual alleys... Read More . Don’t enable macros by default. Only use macros from highly trusted sources. Make sure others in your organization do the same. If you can do these three things, you’ll significantly decrease the chances that you’ll get infected.

Do you have any experience with macro malware? Does your organization use macros? How do you prevent infection? Share your thoughts below!

Image credits: isak55 via Shutterstock.com, JMiks via Shutterstock.com, Gajus via Shutterstock.com.

  1. David Fernández Piñas
    October 9, 2015 at 8:48 pm

    The company I work for will start giving up on the use of Microsoft Office since January 2016. LibreOffice will be used by default. If a customer requests the use of Microsoft Office its use will be charged separately on the quote.

    • Dann Albright
      October 11, 2015 at 10:44 pm

      Interesting! I wouldn't be surprised to see more companies going that way, especially as LibreOffice and other free alternatives come closer to the power that Word offers.

  2. James Van Damme
    October 8, 2015 at 11:07 pm

    I use LibreOffice on Linux, and thus protect myself from Microsoft.

    • Dann Albright
      October 11, 2015 at 10:43 pm

      It's not Microsoft that's sending out malware.

  3. Jeff C
    October 8, 2015 at 9:54 pm

    Easiest way to protect yourself from Microsoft Word malware?

    Use LibreOffice instead.

Leave a Reply

Your email address will not be published. Required fields are marked *