Looks like the problem stays well contained within the Microsoft ecosystem.
Macroviruses are BACK and are the future of malware, says Microsoft
Macro malware is making a comeback with one nineties nasty infecting half a million computers, Microsoft says. Macro viruses took a battering over the last decade after Redmond spent a decade boosting security in its Office suites to reduce the likelihood that users would execute malicious macros. Word processors throw …
COMMENTS
-
-
Thursday 30th April 2015 02:38 GMT MrDamage
Contained within the Microsoft ecosystem
Which leads to the question I've asked numerous times before.
Why in the name of $deity is the MS ecosystem set up in such a way that a spreadsheet or text document is able to execute virii to the level of infecting the rest of the system?
The way it's going, the only way to truly prevent infection from Office related shitecode is to run it in a completely sandboxed VM.
-
Thursday 30th April 2015 04:10 GMT veti
"Nearly"?
"nearly 501,240 unique machines"?
That's an awfully precise number to be described as "nearly". Did they explain how they arrived at it? Couldn't they have said "around 500,000" and been at least as accurate, since clearly there's some assumptions going on here anyway?
But honestly... as surely Microsoft is well aware, any security that can be circumvented by the user, will be. Social engineering remains the oldest hack in the book, it's never been patched and it still works. Users have been extensively trained to click "Allow" for too many spurious alerts.
You've got to stop giving people functionality that will only be used against them. If that means they can't make their Word documents auto-populate, or perform a song and dance routine appropriate to the current weather conditions or something - then too frickin' bad, they'll just have to use another application if they want that to happen, which is what they should be doing anyway.
-
Tuesday 29th September 2015 09:02 GMT Hans 1
Re: "Nearly"?
>use another application if they want that to happen, which is what they should be doing anyway.
Like OpenOffice with macros ? Right!
They BASICally need to sandbox the macro runtimes, why is it so hard?
I usually push OO/LO on here 'like mad', however, it is not the solution to all problems, you can do bad things with OO/LO macros as well ...
-
Thursday 30th April 2015 04:55 GMT e_is_real_i_isnt
Unless something changed in the latest version of Office, there were only two options. Keep the macros turned off or let them run. There was no option to open the macro and see what it did without also allowing it to run. And there was certainly no option to prevent macros from reaching anything they wanted to. For example, a switch that prevented direct access to dlls or to files, but only those features available using the menus of the application.
Too bad Open Office automation is an even worse cluster. I don't care to learn 3 levels of software abstractions to add a formula to a cell. That's just nuts.
-
Thursday 30th April 2015 08:20 GMT Mark Simon
Sandboxing
I have been telling others for decades that the solution is simple. There should be two modes: sandboxed and self-destruct. The overwhelming majority of VBA code I’ve developed is limited to the application, and mostly to the document (often via the template or addin).
Sandbox mode would allow most practical macros to run harmlessly keeping evil cross-application code at bay.
Apparently it’s not that simple ?
-
Friday 1st May 2015 02:27 GMT david 12
Re: Sandboxing
The overwhelming majority of the VBA code I've developed integrates separate database, spreadsheet and word documents. Often (always) using the file system to read and write files, plus the "print system" the "email system" and occasionally main-frame database interfaces.
Sandbox mode does allow small macros to run harmlessly. Using current software, anything you download is sandboxed, and also marked as untrusted.
-
-
Thursday 30th April 2015 09:27 GMT Xenobyte
People are gullible - and stupid
I once saw a test where office people were sent an email with a paragraph about security and not clicking stuff sent to them in an email, which also contained a big button saying "DO NOT CLICK ME". More than 70% clicked that button anyway... (which triggered an annoying noise)
-
Tuesday 5th May 2015 22:10 GMT Tom 13
Re: People are gullible - and stupid
Never link a "DO NOT CLICK ON ME" button to an annoying noise. That only encourages people to click on the button. Don't you know ANYTHING about human nature?
If you want a real test, that button has to automatically send an email to the IT Security team requesting the user take an enhanced IT Security Awareness training course, and cc their spouse.
-
Saturday 16th May 2015 17:58 GMT Version 1.0
Zombies live
I'm constantly amazed at the number of shipping confirmations, purchase orders and requests for quotes that we receive in .XLS format - the mail server that I admin has a simple policy to deal with these - it strips them all.
If anyone is bothered by this then they can come to me with a USB stick and I'll put the offending attachment onto the USB stick and open it on a stand-alone machine. If it's a virus then I destroy their USB stick (it's the only safe thing to do) and reimage the PC.
I don't get a lot of requests for my services.
-
Tuesday 29th September 2015 09:08 GMT Hans 1
Re: Zombies live
>If anyone is bothered by this then they can come to me with a USB stick and I'll put the offending attachment onto the USB stick and open it on a stand-alone machine. If it's a virus then I destroy their USB stick (it's the only safe thing to do) and reimage the PC.
How do you detect malware ? Do you read the macro code ? I think the safest would be to save the XLS file as a CSV on the USB Stick and delete the XLS.
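The attachment-stripping policy discussed in the "Zombies live" comments above, as an added example that is not part of the thread or any poster's code: a Python sketch that flags Office attachments able to carry VBA, by container format as well as by extension, and replaces them with a notice. The extension list, the function names and the sample message are assumptions constructed for illustration; the check detects that macros can be present, not whether they are malicious.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc/.ppt container
MACRO_EXT = (".xls", ".doc", ".ppt", ".xlsm", ".docm", ".pptm", ".xlsb")  # assumed list

def macro_capable(filename, payload):
    """Return a reason if the attachment can carry VBA macros, else None."""
    if payload.startswith(OLE_MAGIC):
        return "OLE2 compound file (legacy Office format)"
    if payload.startswith(b"PK"):  # OOXML documents are ZIP packages
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "OOXML package with vbaProject.bin"
        except zipfile.BadZipFile:
            return "unreadable ZIP container"  # fail closed on damaged archives
    ext_hit = (filename or "").lower().endswith(MACRO_EXT)
    return "macro-capable file extension" if ext_hit else None

def strip_macro_attachments(raw):
    """Replace macro-capable attachments with a notice; return (msg, removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        reason = macro_capable(name, part.get_payload(decode=True) or b"")
        if reason:
            removed.append((name, reason))
            part.clear_content()  # drops the payload and all Content-* headers
            part.set_content(f"Attachment {name!r} removed by policy: {reason}\n")
    return msg, removed

def _zip(*members):  # tiny in-memory ZIP used only by the constructed sample
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for m in members:
            z.writestr(m, b"x")
    return buf.getvalue()

def build_sample():  # constructed message: legacy .xls, .xlsx hiding VBA, clean .xlsx
    m = EmailMessage()
    m.set_content("See attached.")
    xl = dict(maintype="application", subtype="octet-stream")
    m.add_attachment(OLE_MAGIC + b"\0" * 64, filename="order.xls", **xl)
    m.add_attachment(_zip("xl/workbook.xml", "xl/vbaProject.bin"), filename="quote.xlsx", **xl)
    m.add_attachment(_zip("xl/workbook.xml"), filename="clean.xlsx", **xl)
    return bytes(m)
```

The second sample attachment is named .xlsx but contains a VBA project, which is why the check inspects the container rather than trusting the file name.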
-
-
Tuesday 29th September 2015 21:46 GMT Anonymous Coward
RAD
Having worked in large financial services and telecoms industries you may be surprised at how much BAU is fundamentally dependent on non IT people writing good (and bad) code to provide solutions that solve quite fundamental BAU problems and save the business a lot of cash and time. It's easy to turn around and say well if it's that fundamental and saves that much cash then get IT to build a robust solution. The problem I have found is that as soon as the BU sees the quote they change their mind quite quickly.
You also find that BUs want flexible solutions (i.e. I don't actually know what I want until I see it running type thing), I'm yet to see an IT development in this space which solves that fundamental problem either.
From a security perspective everything coming externally with code should be stopped. From an internal perspective what we need to do is move back to RAD development, i.e. IT(ish) people embedded within the business who know the business building tactical solutions.