The VBA (Virtual Basic for Applications) Retro Macro Viruses are back. These were a plague in the late 1990s involving infected Word and Excel files. Users opening an infected document were exposed to malicious code that infected Windows PCs.
This time these viruses are using social engineering to trick users into opening infected attachments with “trojan codes.”
VBA macros were extinct in recent years, thanks largely to security improvements in their chief target: Microsoft Office applications, particularly Word and Excel. Now they’re getting a second wind as a malware delivery mechanism.
Since the start of 2014 SophosLabs has identified 75 new strains of malicious macros. Although these VBA could affect Excel, SophosLabs has only seen it distributed in Word document, which makes it more successful for attackers because we’re no longer used to think of these as viruses.
The malicious macros are most commonly delivered via email and the web, so even computer savvies are exposed to get infected because they are used to constantly be receiving all type of links and attachments such as: statements, invoices, travel itineraries, price quotes, and many others.
Unfortunately, although malicious macros might be a blast from the security past, the core tactic is both current and persistent: Duping unsuspecting users into clicking, keying, and downloading their way into victimhood.