Security researchers reveal Office macros still most prolific malware attack

Exploiting Microsoft Office macros is still the most common method to infect computers with malware, security researchers have confirmed.

Security researchers at Proofpoint found that 1 in 10 attacks specifically target vulnerabilities in Microsoft Office macros to deliver malware to a victim’s computer. We explain what this means and how you can avoid falling victim to this scam.

One thing you’ll hear us and anyone in cybersecurity warning against is opening up email attachments, even if the email appears to come from someone you know or trust. Scammers can easily spoof the sender’s details to anything they want, and they can also use creative stories to lure a recipient into opening an attachment. We call that social engineering.

But many people still do open email attachments, and are more likely to if they see an attachment is, for example, a Microsoft Word or Microsoft Excel file. Because Word and Excel are legitimate programs, many believe such files can’t be used to initiate a malware infection. But that’s wrong. They can be, and are, used to spread malware.


And that’s because of macros. These are small files embedded in Office documents (like Word or Excel) that contain a series of automated commands that help the Office software complete certain tasks. However, the vulnerability of macros lies in the fact that anyone can code them and embed them in a specific document. Even crooks. A second vulnerability is that they can be coded to download content from the Internet. Yes, that means malware.

So the Office document itself wouldn’t be considered malware. But it is a malware loader. It downloads the malware from the Internet.
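For anyone who screens attachments for a mailbox or mail gateway, the check below flags Office files that carry a macro before a person opens them. It is an added example, not part of the original article or of any Microsoft tool; the function name and the sample files are constructed, and it covers only the ZIP-based formats (such as .docx/.docm and .xlsx/.xlsm), marking older binary files for manual review.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'no-macro', 'legacy-review' or 'not-office'."""
    if data.startswith(OLE2_MAGIC):
        # Binary formats can carry macros; telling needs a full OLE parser.
        return "legacy-review"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a ZIP, but not an Office package
        types = z.read("[Content_Types].xml")
        # Check the declared content type as well as the part name,
        # because the macro part can be stored under a different name.
        by_name = any(n.lower().endswith("vbaproject.bin") for n in names)
        by_type = VBA_CONTENT_TYPE in types
        return "macro" if (by_name or by_type) else "no-macro"

def _build_sample(parts: dict) -> bytes:
    """Build a constructed, minimal Office-style ZIP for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholder bytes only, not real documents.
_DOC_TYPE = ("<Override PartName='/word/document.xml' ContentType='application/"
             "vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml'/>")
_VBA_TYPE = "<Default Extension='bin' ContentType='application/vnd.ms-office.vbaProject'/>"

CLEAN = _build_sample({"[Content_Types].xml": f"<Types>{_DOC_TYPE}</Types>",
                       "word/document.xml": "<w:document/>"})
MACRO = _build_sample({"[Content_Types].xml": f"<Types>{_DOC_TYPE}{_VBA_TYPE}</Types>",
                       "word/document.xml": "<w:document/>",
                       "word/vbaProject.bin": b"placeholder"})
RENAMED = _build_sample({"[Content_Types].xml": f"<Types>{_DOC_TYPE}{_VBA_TYPE}</Types>",
                         "word/document.xml": "<w:document/>",
                         "word/data.bin": b"placeholder"})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("macro", MACRO), ("renamed", RENAMED)]:
        print(label, "->", classify_attachment(blob))
```

A "macro" or "legacy-review" result is a reason to hold the attachment for a closer look, not proof that it is malicious.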

Because macros are such a risk in this way, Microsoft disables them automatically when it detects a document arrived from the Internet. But when a user opens a document, the document will ask the user if they want to enable certain content. Enabling it will enable macros, which then puts a computer at risk.

This makes it harder for malware crooks, who now not only have to persuade a recipient to open an email attachment in the first place, but also have to trick them into enabling content in a security warning that appears once the document is open.


But research suggests that crooks are still managing, by incorporating this security warning into their social engineering techniques (i.e. telling a victim that they must enable content).

It’s definitely past time we made this type of attack obsolete. And because we have two lines of defense, we should be able to do that.

First line of defense: Don’t open email attachments unless you were specifically expecting something to be sent to you at a specific time. And remember, even Office documents can be dangerous.

Second line of defense: If you do open an Office document that was sent via an email attachment, and now you’re being told to enable content (i.e. enable macros) – don’t do it!

Spreading this simple information can help us stop the most common method crooks utilise to spread malware.
