From the Labs: New developments in Microsoft Office malware

10 years ago
March 6, 2015
1 reply
208 views

+54

Jasper_The_Rasper
Moderator
11558 replies

by Graham Chantry on March 6, 2015

In September 2014, we wrote about a resurgence in VBA malware.
VBA stands for Visual Basic for Applications: it is a powerful and very widely-used programming tool that can be used right inside applications such as Microsoft Office.
That makes it common, and indeed perfectly usual, in legitimate files.
But, as we we wrote last time:

Visual Basic code is easy to write, flexible and easy to refactor. Similar functionality can often be expressed in many different ways which gives malware authors more options for producing distinct, workable versions of their software than they have with exploits.

In short, what is good for the gander is equally good for the goose.
Indeed, over the past six months, malware that arrives as a VBA program inside an innocent-looking document has become an all-too-common occurrence in the threat landscape, and an essential weapon in spam campaigns.

Full Article

+52

Petrovic
Gold VIP
1544 replies
10 years ago
March 7, 2015

While malware for Microsoft's Office platform has been around just about as long as the suite, we've heard less about it in recent times. That is changing though as new threats surface, altering the landscape a bit. The latest problems are really just a new iteration of the older ones, utilizing a tried and true attack vector.
That line of attack comes from the code itself, using Visual Basic for Applications (VBA).

Full Article

Reply

Rich Text Editor, editor1

Reply

Related Topics

How to Recover WSA, when temp disabled?icon

2 Questions for Newbieicon

The scan process stop at 66% and computer freezeicon

CryptoLocker's crimewave: A trail of millions in laundered Bitcoin

Can the user disable WSA's "component disabled" warning?icon

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded