Security firm Zscaler has warned of more cyber nastiness after it discovered malicious documents that evade detection by using a new technique.
It seems attackers are enabling macros within malicious Microsoft Word documents as part of their attempt to evade the analysis systems used by anti-virus tools.
Malicious executables hidden within documents are not a new phenomenon, but attackers are increasingly utilising new techniques to make it harder for security software to detect them proactively, blogged Zscaler.
Zscaler said that attackers are now making use of macros, which of course are pieces of code embedded inside Microsoft Office documents (usually written in Visual Basic). Microsoft Office disables macros by default, but attackers are now apparently “using clever social engineering tactics to lure the user into enabling the macros.”
And it seems that malware authors making the macro code extremely difficult to detect by signature based systems.
“If any of these anti-VM or anti-sandbox checks is positive then the VBA macro code execution terminates and the end malware payload does not get downloaded on the system shielding it from automated analysis and detection,” said Zscaler. “Alternately, the malicious document will download and install a malware executable on the victim’s system if all the anti-VM checks fail.”
“Malicious documents with highly obfuscated macros have become an increasingly popular vector among cyber criminals to deliver malware executable payloads,” said Zscaler. “By adding newer anti-VM and anti-analysis techniques to the malicious documents itself, the attackers are protecting the end executable payloads from being downloaded and detected by the automated analysis systems.”
The firm advises users to never trust documents that prompt them to enable macros in order to view the content.
In March Microsoft made it tougher for enterprises to fall victim to macro-based attacks that prey on Office users. It implemented a new policy-setting feature in Office 2016 that allows administrators to block macros from untrusted sources.
Despite that, macro-based malware continues to be a thorn in the side of IT departments tasked with securing their organisations’ systems.
Are you a security pro? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…