Tony Bradley in BusinessMalwareSecuritySecuritySocial Engineering

Think VBA macro malware is dead? Think again

VBA (Visual Basic for Applications) macros haven’t been a significant malware threat for a few years now. Ever since Microsoft disabled VBA macro execution by default in the Microsoft Office suite, VBA macro malware can’t execute without user intervention.

From the point of view of malware developers, though, this is not a defeat. It’s just a challenge to overcome. Rather than abandoning VBA macro malware completely, malware developers simply came up with a new approach to lure users into enabling VBA macro execution, and opening their PCs up to attack.

A white paper by a Sophos Labs researcher describes the new VBA macro threat in detail, and summarizes why it is that attackers don’t need to bother with sophisticated exploit code. The user is the weakest link, and it’s much easier to execute an attack through social engineering rather than trying to outsmart the operating system or applications.

Take a look at this post from my Minimal Risk blog on CSOOnline.com: VBA macros are a serious malware threat once again

About
Latest Posts

Tony Bradley

I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

Latest posts by Tony Bradley (see all)

Cybersecurity Priorities and Challenges for 2024 - April 25, 2024
Key Insights from Coalition’s 2024 Cyber Claims Report - April 24, 2024
Unpacking the Marketing Challenges of Small Businesses in 2024 - April 23, 2024

Next Read: $99 tablet could catapult Microsoft to top of tablet heap »

macro malwareVBA macroVBA malwareVisual Basic Application

Tony Bradley: I have a passion for technology and gadgets--with a focus on Microsoft and security--and a desire to help others understand how technology can affect or improve their lives. I also love spending time with my wife, 7 kids, 4 dogs, 7 cats, a pot-bellied pig, and sulcata tortoise, and I like to think I enjoy reading and golf even though I never find time for either. You can contact me directly at tony@xpective.net. For more from me, you can follow me on Twitter, Facebook, Instagram and LinkedIn.

View Comments (1)

Keir Thomas says:

July 25, 2014 at 4:26 pm

Hmmm... I use a Mac but with Office 2011 Microsoft kindly gifted VBA upon us (prior to that Mac versions of Office lacked it). Does anybody know if Office for the iPad has VBA capabilities? It would make TOTAL sense if Microsoft provided the first malware vector for iOS.

Guarding Your Business: A Guide to Employee Training for Cybersecurity Vigilance
Protecting your business from scams and cybersecurity threats not only bolsters your business’s practices but…
HP’s Threat Report – New Threats, Bigger Problems
HP issues a threat report quarterly (this month’s came with a video), and this quarter’s…
Creating a Strong Cybersecurity Culture: Why It Matters and How to Do It
There’s no question that all businesses and organizations are at risk of cybersecurity breaches. It’s…