Hackers Use Microsoft Macros to Distribute Malware
Tech Republic has determined that in the month of August, approximately 45% of the malicious activity monitored was executed through Microsoft’s macros feature. This means that the malware was hidden in a Microsoft Office file and, upon opening, would execute, assuming macros were enabled. Oftentimes Microsoft’s macro feature is enabled by default, in which case the malware would run on its own. However, if the macro feature is not enabled, a prompt appears on the screen asking the user to enable the feature to “open” the document. Once the user clicks to enable macros, the malware begins to run.
The only way to stop the malware from executing, if macros become enabled, would be with a security solution using a whitelist approach. In this particular case, the malware would still attempt to execute; however, after determining the file is not on the whitelist, it would be blocked from running.
To disable macros, follow the instructions below:
- Open a Microsoft Office program (Word, Excel, etc.)
- Open a new document/spreadsheet/PowerPoint, etc.
- Click on File
- Select Options
- Click on Trust Center
- Click Trust Center Settings
- Ensure the option selected disables macros
  - With the “Disable macros with notification” option, the pop-up mentioned above will still appear on the screen, giving the user the option to enable them
  - The “Disable macros without notification” option will leave macros disabled unless the user goes into the Trust Center Settings to enable them
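
To confirm which Trust Center option is actually in effect on a machine, the setting can be read back from the registry. The script below is an added example, not part of the original article. It assumes Office 2016 or later (the `16.0` registry key) and checks only Word, Excel and PowerPoint for the current user. The function name `Get-MacroSetting` is hypothetical.

```powershell
# Added example: read-only audit of the Trust Center macro setting for the current user.
# Assumption: Office 2016 or later, which stores its settings under the 16.0 registry key.
$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values and the Trust Center option each one corresponds to.
$meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-MacroSetting {
    param([string]$App)

    # A value under Policies (Group Policy) overrides the user's own Trust Center choice,
    # so it is checked first.
    $paths = [ordered]@{
        Policy = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$App\Security"
        User   = "HKCU:\Software\Microsoft\Office\$officeVersion\$App\Security"
    }

    foreach ($source in $paths.Keys) {
        $item = Get-ItemProperty -Path $paths[$source] -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $value = [int]$item.VBAWarnings
            return [pscustomobject]@{
                App     = $App
                Source  = $source
                Value   = $value
                Setting = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'Unrecognised value' }
                # Flag the one setting that runs macros with no prompt at all.
                Review  = ($value -eq 1)
            }
        }
    }

    # No value written in either location: the application uses its built-in default.
    [pscustomobject]@{ App = $App; Source = 'None'; Value = $null; Setting = 'Not set (Office default applies)'; Review = $false }
}

$apps | ForEach-Object { Get-MacroSetting -App $_ } | Format-Table -AutoSize
```

A row with `Source` of `User` reflects a choice made in the Trust Center dialog and can be changed back by the user, while a row with `Source` of `Policy` is enforced centrally.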