Saturday, 16 May 2015

Macroviruses are BACK and are the future of malware, says Microsoft


It's 2015 and half a million people will still click on stuff we knew was bad in the '90s

30 Apr 2015 at 01:58, Darren Pauli

Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says.

Macro viruses took a battering over the last decade, after Redmond spent those years hardening its Office suites to reduce the likelihood that users would execute malicious macros.

Word processors now disable macros from untrusted sources by default and throw a security warning, relegating execution to a manual click-through in which users must all but insist on infecting themselves before a macro will run.

"Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide," Redmond's malware boffins say.

"The user opens the document, enables the macro, thinking that the document needs it to function properly – unknowingly enabling the macro malware to run."

The United Kingdom and the US each soak up about a quarter of the total infections, way above the 20,000 p0wned boxes each in France, Italy, and Germany, and blasting the paltry Aussie total of 14,000.

Macro threat flow

Attackers do not appear to have reinvented the wheel. Microsoft says they are using documents designed to pique a victim's interest, such as purported sales invoices, tax payments, and courier notifications.

The macro threats include Adnel, Bartallex, Donoff, Jeraps and Ledod, which fetch trojan payloads or additional downloaders once the macro executes.

"After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader," Microsoft says.

The company says users should stick to its decade-old advice and refuse to enable macros in documents they did not expect, while system administrators can block older versions of Office from running and keep security software up to date.
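Since the infection chain described above starts with a Word attachment that carries a VBA project, a practical first triage step is to check whether a document contains one at all, regardless of what its extension claims. The following is an added example written for this page, not code from Microsoft or from the article: it inspects an Office Open XML (.docx/.docm) zip container for a `vbaProject.bin` part and for the `application/vnd.ms-office.vbaProject` content type, so a macro-enabled .docm renamed to .docx is still flagged. The `build_sample()` fixture constructs minimal in-memory packages for demonstration and is not a real document produced by Office; legacy binary .doc (OLE) files are deliberately out of scope, as they need an OLE parser such as oletools' olevba.

```python
"""Flag Office Open XML documents that carry a VBA project.

Added example (not from the article or Microsoft): a minimal triage check
for macro-bearing Word attachments. It inspects the zip container rather
than trusting the file extension. Legacy OLE .doc files are out of scope.
"""
import io
import zipfile

# Two independent indicators of a VBA project inside an OOXML package.
VBA_PART_SUFFIX = "/vbaProject.bin"
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def find_vba_indicators(data: bytes) -> dict:
    """Return which VBA indicators are present in an OOXML package.

    `data` is the raw file content. The result has three keys:
      is_ooxml   - whether the blob is a readable zip container
      vba_parts  - zip entries whose name ends in /vbaProject.bin
      declared   - whether [Content_Types].xml declares the VBA content type
    """
    result = {"is_ooxml": False, "vba_parts": [], "declared": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not a zip: legacy OLE .doc, RTF, or junk
    result["is_ooxml"] = True
    with zf:
        names = zf.namelist()
        result["vba_parts"] = [n for n in names if n.endswith(VBA_PART_SUFFIX)]
        if "[Content_Types].xml" in names:
            ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["declared"] = VBA_CONTENT_TYPE in ctypes
    return result


def has_macros(data: bytes) -> bool:
    """True if either indicator says the package carries a VBA project."""
    r = find_vba_indicators(data)
    return bool(r["vba_parts"]) or r["declared"]


def build_sample(with_vba: bool) -> bytes:
    """Construct a tiny OOXML-like Word package in memory.

    Test fixture only (constructed here, not produced by Office). The VBA
    part is a stub beginning with the OLE compound-file signature.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        overrides = ('<Override PartName="/word/document.xml" ContentType='
                     '"application/vnd.openxmlformats-officedocument.'
                     'wordprocessingml.document.main+xml"/>')
        if with_vba:
            overrides += ('<Override PartName="/word/vbaProject.bin" '
                          'ContentType="' + VBA_CONTENT_TYPE + '"/>')
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 64)
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.'
                    'openxmlformats.org/package/2006/content-types">'
                    + overrides + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    samples = (
        ("invoice.docm", build_sample(True)),
        ("invoice.docx (renamed .docm)", build_sample(True)),
        ("clean.docx", build_sample(False)),
        ("legacy.doc (OLE, not a zip)", b"\xd0\xcf\x11\xe0junk"),
    )
    for label, blob in samples:
        print(f"{label:30} macros={has_macros(blob)} {find_vba_indicators(blob)}")
```

Checking both the part name and the content type matters because either alone can be absent in a hand-crafted package; a document that has a `vbaProject.bin` part but no declared content type still deserves a closer look, and in a mail gateway that is exactly the kind of mismatch worth quarantining.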
