Macro Malware Returns with a Vengeance, Infecting Half a Million PCs

April 30, 2015 – 9:07 PM

Macro malware, that tried-and-true document-borne attack vector, is back. Over the past few months, Microsoft has seen a growing trend in macro downloaders, affecting nearly 501,240 unique machines worldwide.

The majority of the macro-malware attacks have taken place in the United States and United Kingdom.

Macro malware gets into your PC as a spam email attachment. The user opens the document and enables the macro, thinking that the document needs it to function properly, and in doing so unknowingly allows the macro malware to run.

Success, of course, requires the email recipient to fall for a social engineering technique and open the attachment.

“The macro malware-laden documents that target email users through email spam are intentionally crafted to pique any person’s curiosity,” explained the Microsoft Malware Protection Center in a blog post. “With subjects that include sales invoices, federal tax payments, courier notifications, resumes and donation confirmations, users can be easily tricked to read the email and open the attachment without thinking twice.”

Essentially, macro downloaders serve as the gateway for other nasty malware to get in. “When a malicious macro code runs, it either downloads its final payload, or it downloads another payload courier in the form of a binary downloader,” Microsoft added. “After the macro malware is downloaded, the job is pretty much done. The torch is passed to either the final payload or the binary downloader.”

