Thursday 14 May 2015

Cisco Raises The Alarm For Advancing Macro-Malware


In half a year, the number of attacks doubled through macro-malware, network giant Cisco reason to sound the alarm. The malware is distributed via e-mail attachments that contain Word documents. Once the document is opened, the user is asked whether he wants to enable macros, because Microsoft has it turned off by default for security reasons.

According to Tim Gurganus Cisco, many people forget and turn the threat of macros then, so the malicious code in the document to download and install malware. A successful approach, as evidenced by the increase in the number of e-mail attacks macro-malware is used. The problem is compounded because most email filters and business office documents and not block the malicious macro code geobfusceerd and is very difficult to detect.

The first malicious macros were still out of 150 lines of code, which have now been there in 1500. The makers have all kinds of measures taken to avoid detection and the tactics in the field of social engineering refined. Thus allowed to open a blank page after the first copies, which could alert users that something was wrong. Since early this year "distraction Documents" displayed while in the background the infection takes place. Consequently, users will not suspect that it is malware.

It also appears that the attackers regularly hacked legitimate websites or cloud services like Dropbox, Google Drive or Pastebin.com use to host the malware. The big advantage is that the domains do not stand out in traffic and will not be blocked soon. "Macro-malware is also a good example of malware makers who respond severely becoming security measures, such as blocking zip files containing .exe files. Attackers continue to adapt their tactics, techniques and procedures," said Gurganus.

No comments:

Post a Comment