In the early 2000s, macro viruses and macro malware were thought to be some of the world’s biggest security threats.
Throughout the 2000s, Microsoft boosted security in its Office software to prevent files from executing malicious macro commands. But macro viruses appear to be making a minor comeback: a new macro virus has infected half a million computers around the world.
Macro Refers to the Macro Command Executed
Contrary to what you might think, macro viruses have nothing to do with macroeconomics or other “macro” terms.
In this situation, macro refers to the use of macro commands to execute a malicious process. Macro commands are a series of clicks and keyboard presses entered into a computer.
In days gone by, users would save macro commands to perform specific tasks, like pressing a single button to open all your Microsoft Office programs. Hackers would then take advantage of these macro commands to turn a common key press into a malicious series of commands.
New Macro Malware Infects 501,240 Unique Machines Worldwide
Microsoft had the following to say about macro malware in 2015:
“Just when you think macro malware is a thing of the past, over the past few months, we have seen an increasing macro downloader trend that affects nearly 501,240 unique machines worldwide.”
How does this macro malware work? Here’s what it does:
Step 1) The user opens a document in Microsoft Office, like Word, Excel, or PowerPoint
Step 2) The document lists a macro command on-screen, and the user needs to enable that macro (which they usually do, thinking the software needs it in order to run)
Step 3) The malware downloads a binary file, the binary downloader connects to command-and-control (CnC) servers, and the machine is infected with a wide variety of dangerous malware
So far, the infections have primarily targeted users in the United Kingdom and the US, each of which accounts for about 25% of total infections. Other major target countries include France, Italy, Germany, and Australia.
It Starts with an Innocent Email Attachment
Like so many hacking attacks today, this macro virus attack starts with a simple email attachment. That email attachment looks innocent enough: it may call itself “Sales Invoice May 2015” or “Courier Delivery Notification”.
You open that document, and then follow the commands listed on-screen. Soon enough, you’re using an infected machine.
How to Avoid Macro Malware
The best way to avoid macro malware is to follow the same advice used since the 1990s: avoid executing macros.
If you open a mysterious Office document in Word, PowerPoint, or Excel and it asks you to execute some weird command, then don’t execute that command.
If you do execute that macro, then the macro’s job is pretty much done. The macro malware will be downloaded, and then the binary downloader will download dozens of malware applications.
Of course, you should also avoid downloading suspicious email attachments from unknown contacts. If you want to be extra careful about your email attachments, always confirm with your contact that they sent you an email attachment. If a sales invoice shows up in your inbox from a coworker, for example, walk over to that coworker’s desk and ask if they really sent it to you.
Call it paranoia or whatever, but it’s the best way to safeguard your PC in this day and age, when virus-laden email attachments are running rampant.
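A check that a mail gateway or help desk could run on an attachment before anyone opens it, as an added example that is not part of the original article: it reports whether an Office file carries a VBA macro project. The function names, the sample attachments and the byte-search heuristic for legacy files are assumptions of this example.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls/.ppt container
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside a VBA storage


def inspect_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro' or 'not-office' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic (assumption of this example): OLE2 directory entry names
        # are stored as UTF-16LE, so the VBA stream name shows up in the bytes.
        return "macro" if VBA_MARKER in data else "no-macro"
    stream = io.BytesIO(data)
    if zipfile.is_zipfile(stream):
        with zipfile.ZipFile(stream) as zf:
            names = [n.lower() for n in zf.namelist()]
        if "[content_types].xml" in names:  # OOXML package (.docx/.docm/.xlsm ...)
            has_vba = any(n.endswith("vbaproject.bin") for n in names)
            return "macro" if has_vba else "no-macro"
    return "not-office"


def sample_ooxml(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML-like package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def run_samples() -> dict:
    """Classify constructed attachments; names and bytes are made up."""
    samples = {
        "Sales Invoice May 2015.docm": sample_ooxml(True),
        "Courier Delivery Notification.doc": OLE_MAGIC + b"\x00" * 504 + VBA_MARKER,
        "meeting-notes.docx": sample_ooxml(False),
        "readme.txt": b"plain text, constructed sample, not an Office file",
    }
    return {name: inspect_attachment(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:10} {name}")
```

A result of `no-macro` only means no VBA project was found in the file; it says nothing about other content in the attachment.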