Q
Problem solve Get help with specific problems with your technologies, process and projects.

How can macro malware and macro virus threats be prevented?

Macro viruses are back in the form of macro malware, creating a potentially major issue for enterprises. Expert Nick Lewis explains how to ensure your organization doesn't fall victim.

I thought macro threats were gone, but now I am reading that they have changed roles and can still be a security...

headache. How can I stop macro threats and viruses?

Anything that can execute code on a client computer is potentially malicious. Until there are wider efforts to either make a secure shell scripting language like Shill prevalent or add security features to existing scripting languages, enterprises will continue to be challenged by macro viruses and shell scripts.

Simply put, secure shell scripting languages will not stop the development of malicious executables. Using signed shell scripts is a significant step forward, but signed shell scripts can also be used maliciously.

Fortinet Inc. researcher Ruhai Zhang wrote about malware that used an Excel macro as the initial infection vector in a multistage attack. The Excel macro downloads malicious code that then runs the exploit on the computer.

While users may inherently trust Excel documents and assume it is okay to open an Excel doc they weren't expecting, caution must be taken. There is a section in Zhang's post on mitigation measures and other basic endpoint security best practices that should be followed, such as disabling macros in Excel. Fortunately, enterprises have additional options they can use to stop malicious macros. Scanning email traffic for spam and downloads via a network-based security device could help identify macros attachments. Suspicious files should be quarantined, deleted or otherwise modified to remove the macros, allowing the recipient to open the file in a safe environment and determine if it is a legitimate document. If it is legitimate and the macro is needed, the file could be retrieved from the quarantine.

Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your questions now via email! (All questions are anonymous.)

Next Steps

Recent malware discoveries have found an increase in macro-infected Word and Excel files.

Learn more about macro viruses and the tools available to detect and remove them.

This was last published in February 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This really should be part of a common business practices. It isn’t a new problem, just a recurring one because people get lax about security.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close