Macro Malware Makes a Comeback

Macro malware was something that most of us thought was consigned to the 1990s along with the Spice Girls and platform shoes. However, recent signs indicate that a macro downloader trend has affected more than 500,000 machines globally – that’s according to those who have spent the past decade or so beefing up security in Office to stop users from executing malicious macros.

Essentially, macro malware has not really changed since it was first introduced in the 1990s. The first of its kind simply asked a user to open a document and enable the macro, with the user assuming that the macro was required for the document to function properly. What actually happened was that the unwitting user enabled the malicious macro. The kinds of documents that were used back in the 90s to get this malware onto people’s machines are the same ones we are seeing do the job today: sales invoices, tax documents and courier notifications, for example. The malware uses documents that instantly pique the user’s interest, documents whose contents someone might be so eager to see that they do not thoroughly think through whether the document is genuine or not.

Many in the industry will remember the time when macro malware reached a peak (it was in the early 2000s that this type of nasty was really at its most effective), but this all seemed to change when the Office security settings were altered to high. This effectively killed macro malware dead, as it relied on users being able to make their own decisions about whether or not to open documents and enable macros, something that the new, high security settings didn’t allow for. However, it would seem that history is repeating itself because, as of the end of 2014, macro malware is most definitely back.

Last year we saw the appearance of DRIDEX, ROVNIX and VAWTRAK, and figures from Trend Micro’s Smart Protection Network indicated that, in the first quarter of this year, macro malware detections shot up. So, is there anything different in the recent rise in macro malware, or has nothing changed? Well, the methods seem to be the same, but in 2015 the targets for these attacks are different. Now, rather than individual users, it’s businesses and enterprises that are being targeted. This means that it’s now even more important to have effective security in place for your business, large or small. Ensuring staff awareness of the threat is key, and a specialised security consultancy can help make sure that this 90s nasty doesn’t happen to you.