Scripts written in BASIC or Visual BASIC can add automation and other functions to documents created in the Microsoft Office productivity suite. Unfortunately, cyber-attackers can use this feature to deliver malware in otherwise innocuous-looking documents that most people would open without a second thought.
The macro virus goes back to 1995, the most infamous being the Melissa email macro virus that caused $80 million in damages to US businesses in 1999. Anti-malware tools were updated to bring this under control, and Microsoft released patches to Windows and the Office suite to correct some of the security flaws that allowed this problem to occur. And so the macro virus faded into history.
Even though this threat has lain dormant for nearly 20 years, unfortunately over the last year it has returned. There are a couple of good articles from Sophos and one from Kaspersky (see the links that follow) if you want more of the technical details. These exploits will show up in your email as an attached Word, Excel, PowerPoint, or perhaps even a web document or PDF. Look for file attachments ending in .doc, .docx, .xls, .xlsx, .ppt, .pptx, .mhtml, .pdf.
As we have advised before, checking attachments out in VirusTotal will be your best protection. It never hurts to confirm the purpose and contents of an email attachment with the sender, but instead of hitting reply and sending your query back to the attacker, open a new email from your contact list or make a phone call to the apparent sender. Many times when I have done this the person has not sent anything and the bullet in the inbox was dodged. Accepting unsolicited attachments from unknown senders is just a bad idea at all times.
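As an added example (not from the original article or from any of the vendors it cites), the Python sketch below triages an attachment without opening it in Office: it checks the extension against the list above, computes the SHA-256 you can search for on VirusTotal, and looks inside the file container for a `vbaProject.bin` part, which is where macro-enabled Office Open XML documents store their VBA. The function names and the sample documents are constructed for illustration.

```python
import hashlib
import io
import os
import zipfile

# Extensions the article says to look for.
WATCHED = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".mhtml", ".pdf"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container


def triage_attachment(filename, data):
    """Describe an attachment without opening it in Office."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # hash to search on VirusTotal
        "watched_extension": os.path.splitext(filename)[1].lower() in WATCHED,
        "container": "other",
        "has_vba_project": False,
    }
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: any macros sit inside the compound file,
        # so the file needs a full scan whatever its name says.
        report["container"] = "ole2"
    elif data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            report["container"] = "corrupt-zip"
            return report
        is_ooxml = "[content_types].xml" in names
        report["container"] = "ooxml" if is_ooxml else "zip"
        # Macro-enabled OOXML documents keep their VBA in a vbaProject.bin part.
        report["has_vba_project"] = is_ooxml and any(n.endswith("vbaproject.bin") for n in names)
    return report


def build_sample(with_macro):
    """Constructed OOXML-shaped ZIP with placeholder parts (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, no real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in (("invoice.docx", build_sample(True)), ("old.doc", OLE2_MAGIC)):
        print(name, triage_attachment(name, blob))
```

A clean result here does not clear a file; it only tells you which attachments deserve the VirusTotal lookup and the call to the sender first.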
So watch your inbox and treat all attachments with suspicion, and you should be able to avoid this returning threat.
- Sophos – Why Word Macro Viruses Are Back
- Sophos – Why Word malware is BASIC
- Kaspersky – What is a Macro Virus
- Virus Bulletin – MWI-5: Operation HawkEye – a detailed description of the payload and attack vectors.