{"id":5099,"date":"2020-02-10T23:43:07","date_gmt":"2020-02-10T23:43:07","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5099"},"modified":"2021-04-16T13:11:54","modified_gmt":"2021-04-16T12:11:54","slug":"how-stay-safe-office-macro-based-malware-email-security","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security","title":{"rendered":"How to Stay Safe from Office Macro-Based Malware with Email Security"},"content":{"rendered":"<p>Microsoft Office macros have been spreading malware since the late &#8217;90s, ranging from Melissa to well-known ransomware applications such as Locky or the Dridex banking malware. However, as users learned how to combat these threats, this type of attack fell out of favor with hackers.<\/p>\n<p>Unfortunately, with the threat landscape ever evolving, cybercriminals becoming more sophisticated, and macro programs becoming popular among businesses, we have seen a resurgence of this type of attack over the past few years. In 2016, Microsoft\u00a0<a class=\"ext\" href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2016\/03\/22\/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection\/\" target=\"_blank\" rel=\"noopener noreferrer\">reported<\/a>\u00a0an increase in macro-based malware, accounting for almost 98% of all Office-targeted threats. Last year Microsoft\u00a0<a class=\"ext\" href=\"https:\/\/www.zdnet.com\/article\/microsoft-were-fighting-windows-malware-spread-via-excel-in-email-with-bad-macro\/\" target=\"_blank\" rel=\"noopener noreferrer\">warned<\/a>\u00a0that Windows macro-based malware was being spread via Excel in email.<\/p>\n<h3><b>What are macro viruses?\u00a0<\/b><\/h3>\n<p>Macros are basically small scripts written in the Visual Basic for Applications (VBA) programming language. They allow repetitive actions within Office documents, and every user can record their actions, generate a macro, and run it every time they need to complete that sequence and save time.\u00a0In short, macros are small programs that run within bigger programs to automate time-consuming tasks on a user\u2019s behalf to boost productivity. Unfortunately they also allow bad actors to embed dangerous payloads, such as ransomware, rootkits, spyware, and so on.<\/p>\n<p>Cybercriminals use macros to infect any computer that opens and runs the malicious macro. For example, malicious macros can leverage the VBA SHELL command to execute arbitrary code and the VBA KILL command to delete files from the HDD. VBA works within majority of Microsoft Office programs, including Excel,\u00a0<a href=\"https:\/\/www.solarwindsmsp.com\/products\/mail\/use-cases\/outlook-email-archive\">Outlook<\/a>, PowerPoint, Access, Word, Project, cloud-based Office 365, and more. The problem comes when malicious macros also use &#8222;AutoExec&#8220; to automatically start with an office application or &#8222;AutoOpen&#8220; to autorun the macro when the document is open.<\/p>\n<h3><b>How does this happen?<\/b><\/h3>\n<p>While recent versions of Microsoft Office have macros disabled by default, cybercriminals are using social engineering to convince users to turn on macros to allow their malware to run. Typically, macro malware is transmitted through phishing emails containing malicious attachments.<\/p>\n<p>Take Locky as an example. This was spread via email attachments containing Word documents that would have some scrambled text and a big headline saying you should enable macros to view the text properly. By doing this, cybercriminals were attempting to social engineer you into enabling macros because the data appeared incorrectly encoded. Even when macros were enabled, the text would remain the same, but in the background a small piece of code would save a file on your hard drive and execute it. The file saved is &#8222;Troj\/Ransom-CGX&#8220;, a downloader that delivers the final payload, which in this case is Locky. The ransomware payload is not embedded in the document, but it is later downloaded.<\/p>\n<p>The downloader connects to the internet and the final payload hits your computer, and Locky starts to scramble all your files that match a list of extensions, such as videos, images, documents or source code. If you are the lucky owner of a Bitcoin wallet, it encrypts that one too.<\/p>\n<p>Another action that Locky takes after infecting your computer is to remove your Volume Snapshot Service (VSS) files, a type of live backup file on Windows, and replace your wallpaper with its ransom notice.<\/p>\n<p>From here on you either pay up or wait for someone to release a decryption tool, as we saw in the case with CTB-Locker, Locky or TeslaCrypt.<\/p>\n<h3><b>How to help protect against macro malware<\/b><\/h3>\n<p>The question you need to be asking is not what do you do after your computer is infected with ransomware, but how can you stop it before it reaches your inbox in that attachment?<\/p>\n<p>The answer is simple\u2014be proactive! You filter the email and its attachments, leaving no room for the malware downloader and blocking it before it reaches your email server and\/or mailbox.<\/p>\n<p>Finally, always ensure macros are disabled on Microsoft Office applications, and don\u2019t open suspicious emails or attachments.<\/p>\n<h3><b>How does N&#8209;able Mail Assure help protect your email?<\/b><\/h3>\n<p>Normally we would reject the spam\/phishing email even before we scan it, because in the majority of cases we classify it as spam\/phishing before classifying it as malware. We do this by filtering email using a variety of filtering technologies.<\/p>\n<p>We also offer you the ability to take this one step further, giving you control to block attachments containing macros by default. Once this feature is enabled, emails received with document-based attachments (.doc, .xls, .ppt etc.) containing macros are rejected and quarantined by default.<\/p>\n<p>The N&#8209;able<sup>\u00ae<\/sup>\u00a0Mail Assure cloud-based email security helps your customers stay in control and protect their inbound and outbound email from email-borne threats.<\/p>\n<p><a class=\"ext\" href=\"\/products\/mail-assure\/trial\" target=\"_blank\" rel=\"noopener noreferrer\"><b>Start a free trial<\/b><\/a><b> today to experience N&#8209;able Mail Assure<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Mia Thompson looks at what companies can do to help protect&#8230;<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5099","post","type-post","status-publish","format-standard","hentry","topic-email"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to Stay Safe from Office Macro-Based Malware with Email Security - N-able<\/title>\n<meta name=\"description\" content=\"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\" \/>\n<meta property=\"og:locale\" content=\"de_DE\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Stay Safe from Office Macro-Based Malware with Email Security - N-able\" \/>\n<meta property=\"og:description\" content=\"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-10T23:43:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-04-16T12:11:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Verfasst von\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Gesch\u00e4tzte Lesezeit\" \/>\n\t<meta name=\"twitter:data2\" content=\"4\u00a0Minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"How to Stay Safe from Office Macro-Based Malware with Email Security\",\"datePublished\":\"2020-02-10T23:43:07+00:00\",\"dateModified\":\"2021-04-16T12:11:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\"},\"wordCount\":786,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"articleSection\":[\"Mail\"],\"inLanguage\":\"de\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\",\"url\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\",\"name\":\"How to Stay Safe from Office Macro-Based Malware with Email Security - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/de#website\"},\"datePublished\":\"2020-02-10T23:43:07+00:00\",\"dateModified\":\"2021-04-16T12:11:54+00:00\",\"description\":\"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#breadcrumb\"},\"inLanguage\":\"de\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Mail\",\"item\":\"https:\/\/www.n-able.com\/de\/blog\/category\/mail\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Stay Safe from Office Macro-Based Malware with Email Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/de#website\",\"url\":\"https:\/\/www.n-able.com\/de\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/de#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/de?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"de\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/de#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/de\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"de\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Stay Safe from Office Macro-Based Malware with Email Security - N-able","description":"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security","og_locale":"de_DE","og_type":"article","og_title":"How to Stay Safe from Office Macro-Based Malware with Email Security - N-able","og_description":"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.","og_url":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-02-10T23:43:07+00:00","article_modified_time":"2021-04-16T12:11:54+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Verfasst von":"N-able","Gesch\u00e4tzte Lesezeit":"4\u00a0Minuten"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"How to Stay Safe from Office Macro-Based Malware with Email Security","datePublished":"2020-02-10T23:43:07+00:00","dateModified":"2021-04-16T12:11:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security"},"wordCount":786,"publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"articleSection":["Mail"],"inLanguage":"de"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security","url":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security","name":"How to Stay Safe from Office Macro-Based Malware with Email Security - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/de#website"},"datePublished":"2020-02-10T23:43:07+00:00","dateModified":"2021-04-16T12:11:54+00:00","description":"Macro-based malware attacks had fallen out a favor with hackers but are now very much back on the agenda. Find out more.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#breadcrumb"},"inLanguage":"de","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/de\/blog\/how-stay-safe-office-macro-based-malware-email-security#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Mail","item":"https:\/\/www.n-able.com\/de\/blog\/category\/mail"},{"@type":"ListItem","position":2,"name":"How to Stay Safe from Office Macro-Based Malware with Email Security"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/de#website","url":"https:\/\/www.n-able.com\/de","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/de#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/de?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"de"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/de#organization","name":"N-able","url":"https:\/\/www.n-able.com\/de","logo":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/de#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/de#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"de","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/comments?post=5099"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/posts\/5099\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/de\/wp-json\/wp\/v2\/media?parent=5099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}