The Microsoft Malware Protection Center (MMPC) is warning Office users on the diffusion of malicious macros through email attachments or social engineering websites. A macro is a series of commands and instructions that could be grouped in a single command to accomplish frequently used tasks automatically.
In the recent months, the experts at MMPC have observed a significant increase in enable-macros based malware, the most active codes include Adnel and Tarbir.
“Two recent macro downloaders that we have seen spreading through spam email campaigns areTrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir. These recent campaigns are one example of an increasing trend of macro malware targeting home users and enterprise customers. These threats predominantly target our customers in the US and UK.” states the official blog post published by Microsoft.
Both malware was detected in several attacks targeting the US- and UK-based home users and enterprise customers.
The attack vector for both malware is the email, the malicious binary is served with an attachment that operates as infection gateway. The attachments came in the form of .doc or .xls files that appear to contain information related to a legitimate payment. The social engineering technique used in the attacks, exploits malicious emails with subject lines such as Payment details, Invoice – P97291, Order-Y24383, DOC file for report is ready, Invoice as requested, and so on.
Once the user is tricked into opening the malicious attachment, it prompts him to enable macros manually because Microsoft Office’s default settings are set to “Disable all macros with notification.”
“The combination of the instructional document, spam email with supposed monetary content, and a seemingly relevant file name, can be enough to convince an unsuspecting user to click the Enable Content button,” continues the MMPC report.
Once enabled the content the malware infects the targeted machine.
To avoid to be infected by the malware Microsoft suggests a few simple practices:
(Security Affairs – Microsoft macros, malware)