How malware peddlers trick users into enabling MS-Office Word macros

“One popular social engineering trick to entice users to enable macros, is to make the user believe that the document contains secret or confidential information, and that the user needs to take action to reveal this information,” Didier Stevens explained.

The Word document will contain a message that the content is hidden (or encoded, or encrypted, …) and that the user needs to enable the content (or the macros) to visualize it. This function will change the font color from white to black (thereby “revealing” the hidden information) and remove the header that instructs the user to enable the content.

Effectively, this function will make you believe that nothing out of the ordinary happened, and that your action simply allowed you to read the document. What you won’t know or notice is that a malicious payload is downloaded and executed in the background, and your computer has been compromised.

More from HelpNetSecurity by clicking here.


This entry was posted in Cybersecurity Memo - Insiders Edition. Bookmark the permalink.