Extra Layer of Protection against Macros and Malicious Websites

Posted by Nino Vales | Aug 20, 2018 9:45:24 AM

Macros are normally delivered as attachments in the form of a Microsoft Word document. Macros can either make your life easier by automating repetitive tasks or destroy all of your work in seconds. Attackers exploit them to infect systems and make demands against the victim.

If your Microsoft Office is not set to disable Macros from running, then you are at risk of infecting your system.

Why? Because the moment you open the malicious document, the Macros are set to run automatically.

It is a good practice to disable Macros from automatically executing whenever a document is opened.

Microsoft has an article on how to disable Macros for different versions of Office.

If you have the default settings, Microsoft Word will warn you that you need to click the “Enable Editing” prompt in order to run the Macros.

Aside from Macros, there are Word documents with embedded objects. The objects are often disguised as a PDF or Excel document, but each one is in fact a shortcut to Command Prompt. Once you click it, it launches a shortcut with a PowerShell script that downloads and runs an infected file from a certain website.

Avoid opening attachments from suspicious senders. Be cautious of random emails about arriving packages. If you are expecting a package, the notice will not contain a Word document with blocked Macros. Double-check the sender and the links inside the email.

Surprisingly enough, attackers are including a guide on enabling Macros and opening their attachments. They add steps telling you to click the “Enable Editing” button or else you will not be able to view the document correctly. Not only this, they add a password to open the document! How silly, right? To think that adding a password will basically prevent the user from opening the document and running the malicious code.

Of course, they include the password in the body of their email, trying to lead victims to think that this is a legitimate document because it is protected by a password.

Remember, it doesn’t matter if that attachment is password protected. If you feel that it is sketchy and suspicious, then it should never be opened. If you are unsure, contact your local IT provider for some guidance.
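As an added example (not from the original post), the Python script below checks a Word attachment for the two things described above, a Macro project and embedded objects, without opening it in Word, and reports password-protected or legacy files as not inspected. The function names, the extension list and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE compound file signature
RISKY_EXT = (b".lnk", b".exe", b".vbs", b".bat", b".ps1")  # assumed watch list

def triage_attachment(data: bytes) -> list:
    """List reasons an Office attachment deserves caution, without opening it."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls or a password-encrypted document: not a ZIP, so the
        # part-level checks below cannot see inside it.
        return ["ole-container: legacy or password-encrypted, contents not inspected"]
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return ["unknown-format: not an Office Open XML package"]
    findings = []
    with zipfile.ZipFile(buf) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                findings.append("macro-project: " + name)
            elif "/embeddings/" in lower:
                findings.append("embedded-object: " + name)
                blob = zf.read(name).lower()
                # Heuristic: a packaged file keeps its original file name in the blob.
                hits = [e.decode() for e in RISKY_EXT if e in blob]
                if hits:
                    findings.append("embedded-object-risky-name: " + ",".join(hits))
    return findings

def build_sample(parts: dict) -> bytes:
    """Build a constructed, harmless OOXML-style ZIP from {part name: bytes}."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return out.getvalue()

if __name__ == "__main__":
    sample = build_sample({
        "word/document.xml": b"<w:document/>",
        "word/vbaProject.bin": b"constructed placeholder",
        "word/embeddings/oleObject1.bin": b"\x01Ole10Native invoice.pdf.lnk",
    })
    for finding in triage_attachment(sample):
        print(finding)
```

An empty result means only that none of these markers were found; the advice above about suspicious senders still applies.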

It is unlikely for systems behind a Web filtering service or with a good antivirus to get infected. I tried to run it in a controlled environment and our Web filtering service (Cisco Umbrella) blocked it from attempting to visit a dangerous website and stopped it from running.

It pays to invest in even the simplest protection your money can afford. There are lots of free applications to protect your system, but the assurance of having a premium layer of protection will give you peace of mind in case you or someone else accidentally downloads and runs an infected attachment.
