New, dangerous computer virus uses an old trick you’ve probably forgotten about

Here's one example of the booby-trapped email. (Microsoft -- click for more)
Here’s one example of the booby-trapped email. (Microsoft — click for more)

Everything old is new again…that applies to computer virus attacks, too. Remember the good old days when booby-trapped emails contacting macro-infected Word documents and spreadsheets were the biggest threat to computer users? Well, they are back.

Microsoft issued a pretty specific warning this week at its Malware Protection Center, saying its seen a surge of macro-based threats that are getting traction.

Since it’s been awhile, here’s a quick refresher. Microsoft’s Office documents like Word and Excel come with a powerful feature. Document creators can add “macros” to them — little bits of computer code, or short programs, that make them far more functional.  The macros run when the documents are open, which is fine, as long as the code is safe.   More than a decade ago, virus writers seized on this tool and learned how to write malicious code that could be spread be sending emails with booby-trapped attachments.  Victims would open the attachments because they might seem harmless — maybe because they were named “LoveLetter” — and quickly, virus writers could infect thousands, or millions of people.

Slowly, both consumer behavior and technology changes made macro viruses less effective.  People started wising up about opening attachments willy-nilly.  And Microsoft added protections, such as the familiar annoying dialog box that asks recipients, “Are you sure?” when opening  a document and enabling a macro.  So malicious macros went out of style.

Microsoft says they are back now. Two bits of malware named “Adnel” and “Tarbir” are making the rounds.

“The Microsoft Malware Protection Center (MMPC) has recently seen an increasing number of threats using macros to spread their malicious code. This technique uses spam emails and social engineering to infect a system,” it says.  “We have seen new threats emerging that include some form of social engineering to convince users to manually enable macros and allow the malicious code to run.”

They are catching on, in part, because the spam includes instructions cleverly designed to trick recipients into bypassing security controls – to enable macros in the documents.

Be alert for emails with attachments and subject lines like this:

  • ACH Transaction Report
  • DOC-file for report is ready
  • Invoice as requested
  • Invoice – P97291
  • Order – Y24383
  • Payment Details
  • Remittance Advice from Engineering Solutions Ltd
  • Your Automated Clearing House Transaction Has Been Put On

Infections are occurring primarily in the U.S. and the U.K., Microsoft says, though examples can be found around the world.

Most important, keep your guard up.  Virus attack methods have a way of running in cycles.  Attackers have some successes with a method, other attackers imitate them, them the tactic becomes widespread, which makes consumers take notice, which makes the attack become less effective, which makes virus writers move on, until consumers forget the wisdom they’ve learned, which attracts virus writers, and the cycle starts over. Everything old is new again. So don’t mind me if I repeat myself. Never open an unexpected attachment from anyone. Even your mother. Pick up the phone and call to ask if she meant to send it.

This is clever. The dangerous email tells users they must enable macros. (Microsoft)
This is clever. The dangerous email tells users they must enable macros. (Microsoft)


Sign up for Bob Sullivan’s free email newsletter.  


About Bob Sullivan 1451 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.