Word and Excel Macro Viruses Are Back

BASIC or Visual Basic scripts (macros) can add automation and other functions to documents created in the Microsoft Office productivity suite. Unfortunately, attackers can use this feature to deliver malware in otherwise innocuous-looking documents that most people would open without a second thought.

The macro virus goes back to 1995, the most infamous being the Melissa email macro virus, which caused $80 million in damages to US businesses in 1999. Anti-malware tools were updated to bring this under control, and Microsoft released patches to Windows and the Office suite to correct some of the security flaws that allowed this problem to occur. And so the macro virus faded into history.

Even though this threat has lain dormant for nearly 20 years, unfortunately over the last year it has returned. There are a couple of good articles from Sophos and one from Kaspersky (see links that follow) if you want more of the technical details. These exploits will show up in your email as an attached Word, Excel, or PowerPoint file, or perhaps even a web document or PDF. Look for file attachments ending in .doc, .docx, .xls, .xlsx, .ppt, .pptx, .mhtml, .pdf.

As we have advised before, checking attachments out in VirusTotal will be your best protection.  It never hurts to confirm the purpose and contents of an email attachment with the sender, but instead of hitting reply and sending your query back to the attacker, open a new email from your contact list or make a phone call to the apparent sender.  Many times when I have done this the person has not sent anything and the bullet in the inbox was dodged.  Accepting unsolicited attachments from unknown senders is just a bad idea at all times.
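The following is an added example, not part of the original post: a small triage function that looks inside an attachment instead of trusting its extension, reports whether an Office file carries a VBA macro project, and computes the SHA-256 hash you can search for on VirusTotal. The function names and sample files are constructed for illustration, and the legacy-format check is a byte-level heuristic, not a full parser.

```python
import hashlib
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name as stored in an OLE directory


def triage_attachment(name: str, data: bytes) -> dict:
    """Classify an attachment by its content, not by its file extension."""
    result = {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # hash to look up on VirusTotal
        "container": "other",
        "has_macros": False,
    }
    if data.startswith(OLE_MAGIC):
        result["container"] = "ole2"
        # Heuristic: a VBA project storage leaves this stream name in the file.
        result["has_macros"] = VBA_STREAM in data
    elif zipfile.is_zipfile(io.BytesIO(data)):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [p.lower() for p in zf.namelist()]
        except zipfile.BadZipFile:
            parts = []
        if "[content_types].xml" in parts:
            result["container"] = "ooxml"
            # Macro-enabled OOXML files carry the VBA project as vbaProject.bin.
            result["has_macros"] = any(p.endswith("vbaproject.bin") for p in parts)
    return result


def make_ooxml(with_macros: bool) -> bytes:
    """Build a constructed, minimal OOXML-shaped zip for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, data in [("invoice.docx", make_ooxml(True)), ("report.doc", OLE_MAGIC + VBA_STREAM)]:
        print(triage_attachment(name, data))
```

A macro project in a file is a reason for closer inspection, not proof of malware, and a file without one is not proven safe.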

So watch your inbox and treat all attachments with suspicion, and you should be able to avoid this returning threat.


More Information:


About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Practitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speaker at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.
