Macro-Based Malware on Rise

Thursday, September 18, 2014 @ 04:09 PM gHale

Macro-based malware rose from 6 percent of all document malware in June to 28 percent in July, researchers said.

And it all comes down to exploiting Visual Basic, said Gabor Szappanos, principal researcher at SophosLabs.

Malware Uses Multiple Distribution Points
Attackers Launch Malvertising Program
Tool to Spy on Bad Guys
Malware Team Uses RAT

“Visual Basic code is easy to write, flexible and easy to refactor,” Szappanos said in a report. “Similar functionality can often be expressed in many different ways which gives malware authors more options for producing distinct, workable versions of their software than they have with exploits.”

Another advantage of Visual Basic code over exploits is it will work in all versions of Microsoft Office, not just the ones vulnerable to that particular exploit.

Even though Microsoft has made it so all macros from untrusted sources end up disabled by default, malware authors have been using social engineering to trick users into enabling them.

Learning and writing in Visual Basic for Applications (VBA) is extremely easy, but even if malicious actors don’t have that knowledge, there are a number of VBA downloader templates the bad guy can purchase online, researchers said.

“The samples in question contain Visual Basic code with helpful comments as to where authors should insert a malicious link as well as details of methods for obfuscating the code,” the researchers said.

Leave a Reply

You must be logged in to post a comment.