Microsoft just released a notice to warn users about the dangers of receiving spam emails that ask for macro features to be enabled in Microsoft Office.
Macros with malware are making a comeback
Years ago, hackers would use macros as a way of delivering malware to users because the macro feature was turned on by default. This allows macros to to run without prompting the user first. Since then, Microsoft has disabled the macro feature by default in order to defeat this method of delivering malware to the computer. Now, hackers are using emails to phish for the user to turn on the macro feature. It works like this: the user receives an email about a notice or an invoice which prompts the user that the macro feature must be turned on in order to view the document. Once the user clicks on the button to allow the macro feature to be turned on, the malware will proceed to download and install as a Trojan.
There are two current types of macro malware that pose significant risk to the computer: TrojanDownloader:W97M/Adnel and TrojanDownloader:O97M/Tarbir. Both Trojans will install unwanted programs and malware when the user elects to use the macro feature in both Microsoft Word and Excel.
1. Ensure that macro feature in your Microsoft Office suite is turned off. If you need to use the macro feature, turn it on for the instance that you need it and then turn it off when you are done. Also, be very cautious when viewing and downloading documents from sources that you are not familiar with.
Emsisoft Enterprise Security + EDRRobust and proven endpoint security solution for organizations of all sizes. Start free trial
2. Keep your Emsisoft Anti-Malware up to date and do not disable, especially when dealing with Microsoft Office macros.