Avatar

Macros have been used since the mid 1990s to spread malware and infect systems. Increased user awareness of the need to disable the macro function within Microsoft Word during the late 90s and early 2000s sent these malware into decline. However, a change in Microsoft (MS) Office file formats dating from 2007 is now being actively exploited to hide the presence of macros and distribute malware at an increasing rate.

In this article, I show how MS Office file formats are being abused and obfuscated, and the extent of distribution of macro malware.

Read More >>



Authors

Talos Group

Talos Security Intelligence & Research Group