Tuesday, 10 March 2015

Attack With Malicious Macros In XML Files

For some time now, cyber criminals have again been using macros in documents to spread malware, but attacks that use XML files have now been observed as well. Macros allow users to automate various tasks and were used on a large scale by malware years ago. Because of the security risks, Microsoft decided to block macros by default in Office.

A year ago, more and more .doc and .xls documents with hidden macros began to appear. The documents urged users to enable macros. Once the user enabled macros, malware was downloaded and installed in the background. The tactic seems to be successful, because at the beginning of this year Microsoft issued a warning about macro malware. Security firm Trustwave now warns of a new attack in which malicious macros are delivered via XML files.

XML stands for Extensible Markup Language, and XML-based formats have become the standard for various office tools, including Microsoft Office. When a user opens the XML file, it loads in Office and a message again appears indicating that macros must be enabled. Once macros are enabled, a malicious script is executed that downloads and installs a Trojan horse. It is the Dridex banking Trojan, malware specifically designed to steal money from online bank accounts. The Internet Storm Center (ISC) gives organizations advice on how this kind of XML file can be filtered.
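
One way a mail or web gateway could flag such attachments, as an added example that is not code from this post, Trustwave or the ISC. It assumes the Word 2003 XML layout, in which the file carries an `mso-application` processing instruction and a macro project is embedded as base64 "ActiveMime" data in a `w:binData` element whose name ends in `.mso`; the function names and the sample document are constructed for illustration.

```python
import base64
import binascii
import re

# Format facts assumed here (not from the article): Word 2003 XML starts with an
# mso-application processing instruction, and a macro project is stored as
# base64 "ActiveMime" data in a <w:binData> element with a name ending in .mso.
MSO_PI = re.compile(rb'<\?mso-application\s+progid="Word\.Document"', re.I)
BIN_DATA = re.compile(
    rb'<w:binData\b[^>]*w:name="([^"]+\.mso)"[^>]*>([^<]*)</w:binData>', re.I)


def inspect_office_xml(data: bytes) -> dict:
    """Report whether an attachment is Word XML and whether it embeds macros."""
    result = {"office_xml": False, "macro_parts": [], "verdict": "allow"}
    if not MSO_PI.search(data[:4096]):      # the PI sits near the top of the file
        return result
    result["office_xml"] = True
    for name, payload in BIN_DATA.findall(data):
        head = re.sub(rb"\s+", b"", payload)[:64]
        try:
            decoded = base64.b64decode(head + b"=" * (-len(head) % 4))
        except (binascii.Error, ValueError):
            decoded = b""
        result["macro_parts"].append(
            {"name": name.decode("ascii", "replace"),
             "activemime": decoded.startswith(b"ActiveMime")})
    if result["macro_parts"]:
        result["verdict"] = "quarantine"    # any embedded .mso part is enough
    return result


def constructed_sample(with_macro: bool) -> bytes:
    """Constructed test document; the macro blob is only a header plus padding."""
    part = b""
    if with_macro:
        blob = base64.b64encode(b"ActiveMime" + b"\x00" * 40)
        part = (b'<w:docSuppData><w:binData w:name="editdata.mso">'
                + blob + b"</w:binData></w:docSuppData>")
    return (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
            b'<?mso-application progid="Word.Document"?>\n'
            b'<w:wordDocument xmlns:w="http://schemas.microsoft.com/office/word/2003/wordml">'
            + part + b"<w:body/></w:wordDocument>")


if __name__ == "__main__":
    for label, doc in (("macro", constructed_sample(True)), ("clean", constructed_sample(False))):
        print(label, inspect_office_xml(doc))
```

The check looks at content rather than the file extension, so it still applies when the XML is delivered under another name.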
