Discovering Effective Methods to Immediately Thwart Macro Viruses
In the digital age, cyber-attacks are a constant concern for organisations worldwide. One such threat that has been gaining traction is macro-based malware, which is often spread through email campaigns. These malicious files are typically disguised as documents that the user would want to modify, enticing them to enable macros.
One example of such malware is Adnel, a macro that downloads and runs files on your PC when you open an infected Microsoft Office file. On January 23rd, 2015, when no anti-malware engines were detecting Adnel as a threat, document sanitisation was used to neutralise it. This incident underscores the importance of considering document sanitisation as a crucial step for preventing macro-based malware from entering an organisation through email attacks.
Document sanitisation involves stripping out any potentially dangerous macros while leaving behind the safe file content. This method can prevent known and unknown macro-based threats from entering an organisation. Researchers at OPSWAT demonstrated its effectiveness by converting an Adnel malware sample to other safe file types and then scanning the resulting files with Metascan Online, which showed the sanitised files to be free of malware.
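The stripping step described above, as an added example that is not from the original article and is not OPSWAT's implementation: it removes the VBA parts from a Word OOXML (.docm) package and rewrites the entries that reference them. The sample package, its placeholder macro part and all function names are constructed for illustration, and legacy binary .doc files are assumed out of scope.

```python
import io
import re
import zipfile

# Parts that hold VBA code, its metadata, or its signature.
VBA_PART = re.compile(r"(^|/)(vbaProject[^/]*\.bin|vbaData\.xml)$", re.I)
# Content-type and relationship entries that point at those parts.
VBA_REF = re.compile(r"<(Default|Override|Relationship)\b[^>]*vba(Project|Data)[^>]*/>", re.I)
DOCM_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def strip_macros(package: bytes) -> bytes:
    """Return a copy of a Word OOXML package with all VBA parts removed."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(package)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if VBA_PART.search(item.filename):
                continue  # drop the macro storage itself
            body = src.read(item)
            if item.filename == "[Content_Types].xml" or item.filename.endswith(".rels"):
                # Remove dangling references, then declare a macro-free main part.
                text = VBA_REF.sub("", body.decode("utf-8"))
                body = text.replace(DOCM_MAIN, DOCX_MAIN).encode("utf-8")
            dst.writestr(item.filename, body)
    return out.getvalue()

def make_sample_docm() -> bytes:
    """Constructed sample: minimal .docm-shaped package with a placeholder macro part."""
    parts = {
        "[Content_Types].xml": '<Types>'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            f'<Override PartName="/word/document.xml" ContentType="{DOCM_MAIN}"/></Types>',
        "word/document.xml": "<w:document>Quarterly invoice</w:document>",
        "word/_rels/document.xml.rels": '<Relationships><Relationship Id="rId1" Target="vbaProject.bin" '
            'Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject"/></Relationships>',
        "word/vbaProject.bin": "PLACEHOLDER-NOT-REAL-VBA",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in parts.items():
            z.writestr(name, content)
    return buf.getvalue()

def read_parts(package: bytes) -> dict:
    """Map each part name in the package to its decoded text."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        return {n: z.read(n).decode("utf-8") for n in z.namelist()}
```

Because the macro storage is dropped by part name rather than by signature, the result does not depend on any engine recognising the payload, which is the property the Adnel case illustrates.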
Employees play a vital role in defending against these threats. They should be aware of certain cyber-attack trends, such as social engineering, which uses manipulation tactics to induce the user to enable macros. Proper training can teach employees not to open malicious email attachments or enable macros in any documents that come from unknown sources.
By default, any Office documents that are opened as an email attachment have macros and editing disabled, requiring the user to actively choose to enable them within the document. Measures to block or remediate emails containing potential threats include blocking email attachments from unknown sources with dangerous file types, scanning attachments with multiple antivirus engines, and sanitising email attachments to remove unknown threats.
The mobile malware epidemic is another cyber-attack trend that organisations should be aware of. However, this article focuses on the growing threat of macro-based malware and the effectiveness of document sanitisation in combating it.
The information about the effectiveness of document sanitisation in preventing macro-based malware comes from Tony Berning, Sr. Manager at OPSWAT. The Dridex botnet and the Adnel and Tarbir malware show a resurgence of malware embedded as macros within Microsoft Office documents. Trend Micro's TrendLabs has also observed an increase in macro-based malware, as against the UPATRE malware, in malware attached to spam emails.
Information about companies or organisations currently implementing document sanitisation measures to defend against macro-based malware in emails was not readily available. Even so, designing a good email security policy within an organisation is essential to protect against email attacks using macro-based malware.
In conclusion, macro-based malware poses a significant threat to organisations, but with the right measures in place, it can be effectively combated. Document sanitisation, when used correctly, can neutralise these threats, making it a crucial component of any robust email security policy.