August 31st, 2016, 18:28 PM
Microsoft warns about new wave of Word macro viruses
Microsoft has warned users of the company's Office applications suite about a new wave of macro viruses that tricks people into downloading malware.
The attack vector mimics the Word macro viruses of the 1990s, but with an even more deadly payload.
Microsoft explained that the problem involves the combination of social engineering and malicious macros.
"Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the company in a Microsoft TechNet blog post.
"Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. We recently came across a threat that uses the same social engineering trick but delivers a different payload."
Microsoft explained that the payload's primary purpose is to change a user's browser Proxy Server setting, which could result in the theft of authentication credentials or other sensitive information.
"We detect this JScript malware as Trojan:JS/Certor.A. What's not unique is that the malware gets into the victim's computer when the victim clicks the email attachment from a spam campaign," the post said.
Microsoft added that people really ought not to click on links from people or companies that they do not know or trust.
"To avoid attacks like we have just detailed, it is recommended that you only open and interact with messages from senders and websites that you recognise and trust," explained the firm.
"For added defence-in-depth, you can reduce the risk from this threat by following [our] guidance to adjust the registry settings to help prevent OLE Embedded Objects executing altogether or running without your explicit permission."