Maybe you don’t remember, but in 1999 Melissa was an extremely popular name within cybersecurity. This cyber virus infected more than 100.000 computers in only three days. It was a macro type malware, that is, a virus that hid the malicious source code in an Office document programming. When the user opened a Word or Excel document containing Melissa, it quickly infected all the Microsoft Office products. Its propagation speed broke records.
Almost 20 years after, ‘macro virus’ are becoming again a worldwide plague. Microsoft has confirmed this trend, and according to the company, there are more than half a million computers infected, especially in the United States, United Kingdom, France, Italy or Germany.
Cybercriminals have realized that the most simple and traditional methods continue working, and therefore, they try infecting computers through Word with these simple virus. “In the past couple of months, we have observed the resurgence of malicious VBA macros (programmed in Visual Basic for Applications),” said security expert Gabor Szappanos in a recent study entitled ‘Virus is not dead’. “This time, not self-replicating virus, but simple downloader Trojan codes”.
Office 2007 repelled a great extent of these virus- macros were disabled in the configuration by default- but attackers found new ways of spreading the virus. This Hungarian researcher has studied how the virus creators rely on an external attack vector: our own behavior. “They prepared the content of the documents in such a way that it would lure the recipient into enabling the execution of macros, and thus open the door for infection”, explains Szappanos. The user opens the document, enables the macros as directed and the virus begins to roam freely.
The point is that every day we receive dozens of emails with potentially dangerous attachments. Although we are aware that clicking ‘run’ on an ‘.exe’ file can be risky, we don’t stop to think it when an Office document asks us to enable our macros. We just accept it without thinking about the consequences.
The macro virus come-back reveals that neither the sophistication nor the novelty are the most important factors when quickly spreading malware. They just need a naive user to willingly open a document from an unknown sender.
The fact is that we hardly ever stop to think why someone would want us to download an attachment. We just open it, despite the risks to our safety. Now, we will have to think it twice.