Many of the normal users tasks are based on the Microsoft Office products. One of the most common feature that has been rolled out to ease the complex tasks is #Macros. Recently there has been many attacks by exploiting this feature.
Macros are the piece of program that has been used to ease the complex activities and it is embedded along with the document and office allows Visual Basic Script to be embedded into the document. Macros can also be used to carry out many malicious activities.
These days attackers are seeking new methods to compromise the system even a blank pdf file is more than enough to compromise the system. If a document is containing Macros, Office will popup a warning as "This Document contains Macros" and if the user clicks on Allow Macro or Enable Editing option, the system is compromised.
Once the macro starts executing, it may download the malicious program and it will infect the other documents so as to increase the infection level. There are some settings that can decrease the macro infections.
1. Move the document to the Trusted Location so as to prevent the infection from macro into the network. Trusted Location in corporate infrastructure may be a DMZ (DeMilitarized Zone).
2. Enable the setting "Block Macros from running in Office files from Internet" that is now rolled out and it will prevent the execution of macro unless the file has been moved to the Trusted Location.
Ranomwares are also now spreading through these documents containing malicious macros and attackers are spreading the malware with macros through Internet mails with catchy subject.
P.S: The post is to create awareness and not to create any negative impact.
No comments:
Post a Comment