Macro-based malware – Computer Security Articles

Tax-themed phishing and malware attacks proliferate during the tax filing season

March 20, 2017 admin Antimalware research for IT pros and enthusiasts, Macro-based malware, phishing, Social engineering, spam, tax-themed attacks, Windows 10

Credit to Author: msft-mmpc| Date: Mon, 20 Mar 2017 12:50:12 +0000

Tax-themed scams and social engineering attacks are as certain as (death or) tax itself. Every year we see these attacks, and 2017 is no different. These attacks circulate year-round as cybercriminals take advantage of the different country and region tax schedules, but they peak in the months leading to U.S. Tax Day in mid-April. Cybercriminals are using a variety of…

Microsoft Security

Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, AppLocker Group Policy, Cerber, Device Guard, macro malware, Macro-based malware, malware, malware research, MMPC, ransomware, Social engineering, spam, Windows Defender

As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?…

Microsoft Security

No slowdown in Cerber ransomware activity as 2016 draws to a close

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Cerber, Donoff, Exploits, holiday shopping, macro, Macro-based malware, Meadgive, ransomware, spam, Windows 10, Windows Defender, Windows Defender ATP

As everybody else winds down for the holidays, the cybercriminals behind Cerber are busy ramping up their operations. Following our discovery of a spam campaign that takes advantage of holiday shopping, we found two new campaigns that continue distributing the latest variants of Cerber ransomware. These campaigns are the latest in a series of persistent cybercriminal…

Microsoft Security

Office 2013 can now block macros to help prevent infection

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, Macro-based malware, office, Product features and announcements

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet. This feature was documented back in March: New feature in Office 2016 can block macros and help prevent infection, and the predominant…

Microsoft Security

Double-click me not: Malicious proxy settings in OLE Embedded Script

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, JavaScript, JavaScript spam attachment, JScript, JScript malware, JScript malware prevention, Macro-based malware, malware-prevention blog, mitigate OLE misuse, obfuscated JScript, OLE misuse mitigation, OLE-embedded objects, Social engineering, spam, spam email infection vector, Trojan, Trojan:JS/Certor.A, Trojan:PowerShell/Certor.A, Windows Defender

Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. In our previous blog, Where’s the…

Microsoft Security

Where’s the Macro? Malware authors are now using OLE embedding to deliver malicious files

January 23, 2017 admin Antimalware research for IT pros and enthusiasts, CAPTCHA, Cerber, Donvibs, macro malware, Macro-based malware, malicious JS scripts, malicious VB files, Microsoft Office, office, OLE-embedded objects, ransomware, TrojanDownloader:VBS/Donvibs, TrojanDownloader:VBS/Vibrio, Vibrio

Recently, we’ve seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we’ve seen macros used in a similar matter, and this use of OLE might indicate a shift in behavior as administrators and enterprises are mitigating against this…

Microsoft Security

Malicious macro using a sneaky new trick

January 23, 2017 admin antimalware, Antimalware research for IT pros and enthusiasts, Donoff, guidance, Locky, macro, Macro-based malware, malware, malware research, office, ransomware, Social engineering, VBA, VBAscript, Windows 10, Windows Defender, Word

We recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…

Microsoft Security

Large Kovter digitally-signed malvertising campaign and MSRT cleanup release

January 23, 2017 admin Kovter, Locky, Macro-based malware, Malvertising campaign, maps, MSRT, ransomware, Trojan, Windows Defender, Windows Defender for Windows 10

Kovter is a malware family that is well known for being tricky to detect and remove because of its file-less design after infection. Users from United States are nearly exclusively being targeted, and infected PCs are used to perform click-fraud and install additional malware on your machine. Starting April 21, 2016, we observed a large…

← Previous