Tag: macro

  • .SettingContent-ms files remind us that it is features, not bugs we should be most concerned about

    One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago. Unlike their predecessors from the 1990s, these macros can’t run automatically, but require the user to explicitly enable macros. This obviously mitigates the damage quite a…

  • Paper: The Journey of Evasion Enters Behavioural Phase

    Anti-detection techniques are almost as old as malware itself and have developed well beyond hash-busting techniques. As security products adapt their detection tools, malware authors need to find new ways to prevent their malware from being blocked while it is running. In a new paper (also available as PDF) published today by Virus…

  • Malware likely cause of power cut in Ukraine

    BlackEnergy malware previously linked to targeted attacks in the country. When in late December hundreds of thousands of homes in Western Ukraine suffered power outages, many people talked about the possibility of the interruption in power having been caused by a cyber-attack. But people always talk about cyber-attacks — the truth is almost always a…

  • Paper: MWI-5: Operation HawkEye

    Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office executed macros by default, making the writing of computer viruses literally child’s play. Macro execution has long been disabled by default, but in the last two years,…

  • You are your own threat model

    For most people, the biggest security threat is that of themselves doing something they shouldn’t do. Last week, Microsoft wrote about the return of macro malware where, now that macros have long been disabled by default, social engineering is used to trick the user into enabling them. Although it was interesting to read Microsoft’s…

  • Vawtrak trojan spread through malicious Office macros

    Users easily tricked, but plenty of opportunity for the malware to be blocked. Researchers at Trend Micro report that the ‘Vawtrak’ banking trojan now also spreads through Office macros, embedded in documents that are attached to spam emails. Vawtrak rose to prominence late last year, when it broadened its scope from targeting Japanese banking users…

  • Macro malware on the rise again

    Users taught that having to enable enhanced security features is no big deal. When I joined Virus Bulletin almost eight years ago, macro viruses were already a thing of the past, like porn diallers or viruses that did funny things to the characters on your screen: threats that were once a real problem, but that…

  • Paper: VBA is not dead!

    Gabor Szappanos looks at the resurgence of malicious VBA macros that use social engineering to activate. Macro malware had long been assumed dead. After all, macros are disabled by default in modern versions of Microsoft Office, which means they do not automatically execute upon opening a file. However, macro malware has recently made a…