Everything old is new again…that applies to computer virus attacks, too. Remember the good old days when booby-trapped emails containing macro-infected Word documents and spreadsheets were the biggest threat to computer users? Well, they are back.
Microsoft issued a pretty specific warning this week at its Malware Protection Center, saying it’s seen a surge of macro-based threats that are getting traction.
Since it’s been a while, here’s a quick refresher. Microsoft’s Office documents like Word and Excel come with a powerful feature. Document creators can add “macros” to them — little bits of computer code, or short programs, that make them far more functional. The macros run when the documents are opened, which is fine, as long as the code is safe. More than a decade ago, virus writers seized on this tool and learned how to write malicious code that could be spread by sending emails with booby-trapped attachments. Victims would open the attachments because they might seem harmless — maybe because they were named “LoveLetter” — and quickly, virus writers could infect thousands, or millions, of people.
Slowly, both consumer behavior and technology changes made macro viruses less effective. People started wising up about opening attachments willy-nilly. And Microsoft added protections, such as the familiar annoying dialog box that asks recipients, “Are you sure?” when opening a document and enabling a macro. So malicious macros went out of style.
Microsoft says they are back now. Two bits of malware named “Adnel” and “Tarbir” are making the rounds.
“The Microsoft Malware Protection Center (MMPC) has recently seen an increasing number of threats using macros to spread their malicious code. This technique uses spam emails and social engineering to infect a system,” it says. “We have seen new threats emerging that include some form of social engineering to convince users to manually enable macros and allow the malicious code to run.”
They are catching on, in part, because the spam includes instructions cleverly designed to trick recipients into bypassing security controls – to enable macros in the documents.
Be alert for emails with attachments and subject lines like this:
- ACH Transaction Report
- DOC-file for report is ready
- Invoice as requested
- Invoice – P97291
- Order – Y24383
- Payment Details
- Remittance Advice from Engineering Solutions Ltd
- Your Automated Clearing House Transaction Has Been Put On
Infections are occurring primarily in the U.S. and the U.K., Microsoft says, though examples can be found around the world.
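A mail-triage check for the pattern described above, added here as an illustration and not taken from Microsoft or from this article's author: it flags a message whose subject matches one of the listed lures and whose attachment is a macro-capable Office file. The function names, the generalised reference-number pattern and the quarantine rule are assumptions, and the sample message is constructed.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures from the article's list; reference numbers generalised (assumption).
LURES = [re.compile(p, re.I) for p in (
    r"ACH Transaction Report", r"DOC-file for report is ready",
    r"Invoice as requested", r"(Invoice|Order)\s+[–-]\s+[A-Z]\d+",
    r"Payment Details", r"Remittance Advice from",
    r"Your Automated Clearing House Transaction")]
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container header

def macro_status(data: bytes) -> str:
    """'legacy-ole' (may hold macros), 'ooxml-macro' (has vbaProject.bin) or 'none'."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "ooxml-macro"
    except zipfile.BadZipFile:
        pass  # not a zip container, so not an OOXML document
    return "none"

def triage(raw: bytes) -> dict:
    """Flag a raw message on lure subject plus macro-capable attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    files = {p.get_filename(): macro_status(p.get_payload(decode=True) or b"")
             for p in msg.iter_attachments()}
    lure = any(r.search(subject) for r in LURES)
    risky = any(s != "none" for s in files.values())
    return {"subject_lure": lure, "attachments": files, "quarantine": lure and risky}

def sample_message(subject: str, with_macro_part: bool) -> bytes:
    """Constructed test input: a .docm-shaped zip holding placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro_part:
            z.writestr("word/vbaProject.bin", b"placeholder")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="report.docm")
    return m.as_bytes()
```

Calling `triage(sample_message("Invoice – P97291", True))` returns a verdict with `quarantine` set. A `legacy-ole` result only says the container can carry macros, so those files need deeper inspection before a decision.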
Most important, keep your guard up. Virus attack methods have a way of running in cycles. Attackers have some successes with a method, other attackers imitate them, then the tactic becomes widespread, which makes consumers take notice, which makes the attack become less effective, which makes virus writers move on, until consumers forget the wisdom they’ve learned, which attracts virus writers, and the cycle starts over. Everything old is new again. So don’t mind me if I repeat myself. Never open an unexpected attachment from anyone. Even your mother. Pick up the phone and call to ask if she meant to send it.