Down but not out, VBA malware makes a comeback in Microsoft Office

While malware for Microsoft's Office platform has been around just about as long as the suite, we've heard less about it in recent times. That is changing though as new threats surface, altering the landscape a bit. The latest problems are really just a new iteration of the older ones, utilizing a tried and true attack vector.

That line of attack comes from the code itself, using Visual Basic for Applications (VBA). Security firm Sophos is reporting a rise in incidents of this across various parts of the suite. The code is unfortunately open to these flaws.

Sophos reports "Visual Basic code is easy to write, flexible and easy to refactor. Similar functionality can often be expressed in many different ways which gives malware authors more options for producing distinct, workable versions of their software than they have with exploits".

Over the past six months security researchers have found an increase in the rate of these attacks, claiming that the code is hidden inside of seemingly innocent documents. Office versions ranging from 1997 to 2003 are the main target, it would appear, with Word leading the charge. However both Word and Excel 2007 are vulnerable, though both seem less targeted. Consider that Word 1997-2003 accounts for 83 percent of the malware, while 2007 tallies only six percent.

Sophos points out that "Only when the Office file is opened (rather than when it is received) do they reveal what malware they are actually using in the attack". In many cases the security firm claims the malware is "Dridex", which accounts for about 70 percent of the VBA attacks.

The bottom line seems like a broken record. Simply do not click attachments in emails, even if you think you know where they came from -- the sender, even if it's a friend or colleague, could simply be the previous victim.

Photo Credit: Sergey Nivens / Shutterstock