Results for macro

Threat Research

Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware

To survive, macro downloaders have to constantly develop new techniques for evading sandbox environments and anti-virus applications. Recently, Fortinet spotted a malicious document macro designed to bypass Microsoft Windows’ UAC security and execute Fareit, an information-stealing malware, with high system privilege. SPAM: This malicious document is distributed by a SPAM email. As part of its social engineering strategy, it is presented in the context of someone being interested in a product. Fig. 1: SPAM with the malicious...

By Joie Salvio and Rommel Joven | December 16, 2016

Threat Research

Dridex’s Macro Downloader

Modern malware uses every possible vector of attack to infect a system. Emails, which are available to almost everyone, are common carriers. In this type of attack, attackers try to lure users into opening malicious attachments that look like documents but have multiple file extensions, such as “financial.doc.exe”. Most of the time, the user only sees the “financial.doc” filename without the “.exe” extension, which makes it easy to assume that it is a Microsoft Word document. Once the file is clicked and executed, the...

By Raul Alvarez | April 29, 2015

Threat Research

Old, but New – An Analysis of Recent VBA Macros

In early November, we experienced an influx of Microsoft Word documents that contained malicious macros. Just when the computer security industry was on the verge of forgetting these oldies, they rose to life once again, proving that they’re not allowing themselves to be eliminated that easily. In June, Ruhai Zhang warned of macro threats that continue to spread, particularly those that use Microsoft Excel. In this blog post, I will go over a family of Microsoft Word macros, detected as WM/Agent!tr, that I have encountered in the past couple...

By Sousan Yazdi | January 06, 2015

Threat Research

Long Live Macro Threats!

Whenever we refer to macro threats, we are reminded of the malicious macros of the old days that infected Microsoft Office documents. Contrary to popular belief, macro threats haven't completely disappeared. Even with many new security features added to Microsoft Office and even with improved security awareness among users, macro threats continue to persist. These new macro threats, however, have changed their role from being infectors into droppers that could decrypt/decode/drop/execute the payload. In this way, the payload...

By Ruhai Zhang | June 16, 2014