Friday 29 May 2015

Malicious Macros Bypass Virus Scanners via MHTML Format



Cyber criminals have used a remarkable file format to make malicious macros invisible to virus scanners, as several researchers have discovered. The use of macros in Office documents has become a popular tactic for spreading malware.

Macros are disabled by default in Office, but when users enable them, the macro can download and install malware. Researcher Bart Blaze recently discovered a spam campaign in which a .doc file with malicious macros was attached. In reality it turned out to be a Word MHTML file. According to researchers at security firm Trustwave, the criminals save the malicious macro as an MHTML file and then rename it to .doc or .xls. As a result the file is opened by Microsoft Office.

When the spam campaign was detected, it turned out that most virus scanners did not detect the file. According to the researchers, the criminals intentionally saved the malicious macros as an MHTML file in order to circumvent virus scanners. An analysis of the MHTML file shows that the part containing the malicious macro is base64 encoded. If users open the attachment and run the macro, a Trojan horse is installed that is specifically designed to steal money from online bank accounts. Users are also advised that Microsoft Office can be configured so that all macros are blocked.
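A mail-gateway style check for the trick described above, as an added example that is not code from the researchers or from this article: it flags a .doc or .xls attachment whose content is really MHTML, decodes its base64 parts, and looks for an embedded OLE container. The function names, finding labels and the sample are constructed for illustration; the `ActiveMime` prefix check reflects how Office wraps the binary part of a single-file web page and is not taken from the article.

```python
import base64
import email
import zlib
from email import policy

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
OFFICE_EXTS = (".doc", ".xls")                 # extensions named in the article

def embedded_ole(blob):
    """True if a zlib stream inside blob inflates to an OLE2 container."""
    start = blob.find(b"\x78")                 # 0x78 is the usual first zlib byte
    while start != -1:
        try:
            if zlib.decompressobj().decompress(blob[start:]).startswith(OLE_MAGIC):
                return True
        except zlib.error:
            pass                               # not a zlib stream at this offset
        start = blob.find(b"\x78", start + 1)
    return False

def inspect_attachment(filename, data):
    """Return findings for an Office-named attachment that is really MHTML."""
    if not filename.lower().endswith(OFFICE_EXTS) or data.startswith((OLE_MAGIC, b"PK")):
        return []                              # not Office-named, or a genuine OLE/OOXML file
    msg = email.message_from_bytes(data, policy=policy.default)
    if msg.get("MIME-Version") is None or not msg.is_multipart():
        return []
    findings = ["mhtml-in-office-extension"]
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).lower()
        if part.is_multipart() or cte != "base64":
            continue
        blob = part.get_payload(decode=True) or b""
        if blob.startswith(b"ActiveMime"):     # wrapper Office uses for the binary part
            findings.append("activemime-part")
            if embedded_ole(blob):
                findings.append("embedded-ole-container")
    return findings

def build_sample():
    """Constructed, harmless sample: no macro, only an OLE signature plus zeros."""
    mso = b"ActiveMime" + b"\x00" * 40 + zlib.compress(OLE_MAGIC + b"\x00" * 64)
    head = 'MIME-Version: 1.0\nContent-Type: multipart/related; boundary="B"\n\n'
    html = '--B\nContent-Type: text/html\n\n<html>sample</html>\n'
    part = '--B\nContent-Type: application/x-mso\nContent-Transfer-Encoding: base64\n\n'
    return (head + html + part + base64.encodebytes(mso).decode() + '--B--\n').encode()

if __name__ == "__main__":
    print(inspect_attachment("invoice.doc", build_sample()))
```

A hit on the first finding alone is already worth quarantining, since the extension and the content disagree; the other two show that a scanner has to decode the base64 part before it can see the document that carries the macro.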
