Malware Might Be Executed via MS Office Even With Disabled Macros

We are used to the headlines that some commercial software products are vulnerable and cyber criminals can take advantage of it – implement some kind of viruses or malicious codes to the systems. However, nowadays not only third parties products are targets, as various original tools and features of operating systems are at risk too. The problem is that those default features usually are not closely monitored and considered to be secure.

MS Office Macros malware

Ciscos researches revealed that specific Microsoft word documents can be quipped with malware spreading code, which executes automatically. In addition to that, this vulnerability doesn’t require Macros to be enabled in order to execute the code.

We are talking about default Microsoft Office feature “Dynamic Data Exchange” or simply “DDE”. This technology allows two separate applications to run at the same time and share the same data. This way information can be updated faster and easier – the technology is implemented by tons of various applications, including all Microsoft Office programs.

Macros Vulnerability

DDE is being exploited by hackers as they are launching spam campaigns to trick users worldwide. They pretend that those letters are sent by Security and Exchange Commission:

The emails themselves contained a malicious attachment [MS Word] that when opened would initiate a sophisticated multi-stage infection process leading to infection with DNSMessenger malware

So once this malicious code is inside, user will be informed that there are links to external files and ask for the permission to open them. If the permission is granted, those files will communicate with hackers’ servers and upload DNSMessenger malware to your computer.

Unfortunately, this security issue is not yet recognised by Microsoft itself, so the only way to secure your computer is to monitor system event logs from time to time. Again, this requires some specific knowledge in this field.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Security Guides

Recent Comments