Macro Malware That Targets Microsoft Office Is Back

Researchers at Intel Security have revealed that macro malware, a strain of malware that had been on the cybersecurity radar for nearly 16 years, is back in a big way.

Macro malware, the malware strain that exploits the macros found in Microsoft Office products such as the word processor Word and the spreadsheet application Excel, is back after its initial foray as a virus in 1999. At the time, it was simply referred to as the “Melissa Virus”. Thanks to Microsoft's diligence at the turn of the millennium, when the software giant added a step asking Office users for permission, the threat posed by the Melissa virus was basically curbed. However, the strain, now known as Macro, is back, and it may have already affected at least 100,000 people this year alone, claims Intel Security.

Speaking to SCMagazine, Raj Samani, vice president and chief technology officer of Intel Security, said:

“Certainly over the last 12 months, we have witnessed a spike (in Macro cases). In underground forums, there are multitudes of tools that allow people to create malicious macro malware attachments that has also fed the spike.”

Another Intel Security executive, senior vice president Vincent Weafer, recently penned an Intel Security Perspectives blog post in which he claimed the number of Macro malware incidents has shot up four times this year. He added that Microsoft Office products are the target, just as they were in 1999.

As is to be expected, malware authors have tweaked and modified the malware over time to make it more effective, and this holds true for Macro. The latest variant of the strain spreads through several new channels, including social engineering and phishing campaigns. Enterprise and corporate users are the most targeted because of their usage of Office.

Weafer added:

“Common subject lines include phrases such as payment request, courier notification, resume, sales invoice or donation confirmation. The text of the email matches the subject line with enough information to get the attachment opened, including official-looking signatures and logos.”

Another significant change from the days of the Melissa virus is the cloaking ability that Macro now possesses. In other words, it has the means to remain hidden and avoid detection on a computer. Malware authors seem to have achieved this by using advanced encryption techniques.