6 Tips on how to keep macro-based malware away

By Anthony Cowie

In the past few months the data security company F-Secure has detected that attackers are distributing malware through Microsoft Office documents again, something that hasn’t been done on a major scale since the early 1990’s when they first appeared. These corrupted documents will typically ccontain malicious macros. The macros are basically scripts embedded in files that are used to automate tasks in Microsoft Word or Excel and are normally very useful, however in this particular case they are being used for malicious actions like installing malware.
When Microsoft Office XP was introduced in 2001 the software was upgraded to ensure that it asked users for permission to run unsigned macros in an attempt to stop attackers from using macro-based malware. Now 14 years later, macro-based malware is resurfacing and taking note of which macros you should be giving permission to has become as important in the newer versions of MS Office as it was all those years ago.

The following are some tips on how to diminish macro-malware attacks.

1) Protect your email
Make sure that you have strong email security as this form of malware is typically retrieved through email attachments. Also pay close attention to attachment stripping and scanning, as well as making use of link reputation checks and security.
2) Disable macros
Set group-policies so that only a few employees are allowed to run macros in the MS Office products.
3) Use the latest MS Office software
Most macro-malware is in a .doc file format, mostly seen in Microsoft Office 2007 and older versions. By using the latest Office software, it safeguards against these kinds of attacks as it contains extra safeguards against attempts to disguise the “.docm” and “.xslm” extensions.
5) Delete any suspicious emails
Employees should delete any suspicious emails and never open attachments from untrusted sources.
6) Don’t run macros on your computer!
Macro-based threats often require user consent to run. Unless they are critical to their job function, employees should not be allowed to run macros as one slip up by an unaware employee can lead to opening the door to a malware attack.
Companies should ideally also invest in email productivity training as this this will help prevent employees falling for traps by managing their email properly. By doing this, companies are not only putting money into security awareness but also getting other great benefits in for the bargain.