Spam email delivers Microsoft Office macro trojan malware

Microsoft just released a notice to warn users about the dangers of receiving spam emails that ask for macro features to be enabled in Microsoft Office.

Macros with malware are making a comeback

Years ago, hackers used macros as a way of delivering malware to users because the macro feature was turned on by default, which allowed macros to run without prompting the user first. Since then, Microsoft has disabled the macro feature by default in order to defeat this method of delivering malware to the computer. Now, hackers are sending phishing emails that persuade the user to turn the macro feature on. It works like this: the user receives an email about a notice or an invoice, which tells the user that the macro feature must be turned on in order to view the document. Once the user clicks the button that enables macros, the malware proceeds to download and install as a Trojan.

There are two current types of macro malware that pose significant risk to the computer: TrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir. Both Trojans will install unwanted programs and malware when the user elects to use the macro feature in both Microsoft Word and Excel.

1. Ensure that the macro feature in your Microsoft Office suite is turned off. If you need to use the macro feature, turn it on only for the instance in which you need it and turn it off again when you are done. Also, be very cautious when viewing and downloading documents from sources that you are not familiar with.

2. Keep your Emsisoft Anti-Malware up to date and do not disable it, especially when dealing with Microsoft Office macros.
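A defender-side check that follows from the advice above, as an added example that is not part of the original article: it flags Word and Excel attachments that contain a VBA macro project, so they can be held before a user is ever asked to enable macros. The function names, the quarantine/deliver verdicts and the sample attachments are assumptions constructed for illustration, and the legacy-format check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# OLE directory names are UTF-16LE; a VBA project holds a "_VBA_PROJECT" stream.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_macros(data: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: search for the stream name instead of walking the directory.
        return OLE_VBA_MARKER in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # OOXML files keep macros in a part named vbaProject.bin,
                # whatever extension the attachment was given.
                return any(n.lower().endswith("vbaproject.bin")
                           for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def triage(attachments: dict) -> dict:
    """Map each attachment name to 'quarantine' or 'deliver' (assumed verdicts)."""
    return {name: "quarantine" if has_vba_macros(blob) else "deliver"
            for name, blob in attachments.items()}


def make_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a zip shaped like a Word file, no real macro code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    mail = {  # constructed attachments, not real documents
        "invoice.docm": make_sample_ooxml(True),
        "notes.docx": make_sample_ooxml(False),
        "notice.doc": OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER,
    }
    for name, verdict in triage(mail).items():
        print(f"{name}: {verdict}")
```

Because the check reads the container contents and ignores the file name, a macro-enabled document renamed to `.docx` is still flagged.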

  • Glenn McGrew II

    The final sentence of #1 is wrong: “…sources that you are not familiar with”. Any time you receive a document, it doesn’t matter what the source is – if you didn’t request it and you’re not expecting it, it is suspect. I used to work at an IT company and ignorant employees would spread malware by accident. They’d get infected and a worm would mine their address book. The IT team was very slow to respond and never sent out a warning to all users not to click on those messages, so people would click on what they thought were safe messages because they came from a co-worker, or even a boss.

    Given that documents often come through email, and worms use address books, you’re likely to get a malware email from time to time from someone you trust. It could be a picture, a document or a link – you should always contact the sender if you weren’t expecting to receive it. I get them from time to time – most often an attachment or a link – but I don’t trust them.

    Sometimes, people even forward batches of photographs on purpose because they’re cool, interesting, cute or whatever, and some of them have embedded malware in them that downloads more malware. You’ll never even know it because these are the ones everyone wants to see! Clever social engineering!