In other words, once you authorise a macro to run, you effectively authorise it to install and launch any other software it likes, including malware, without popping up any further warnings or download dialogs.įortunately, macros are turned off by default, so the crooks have to convince you to turn them back on after you open their malicious documents.Įxcuses they’ve used include needing to enable macros “for security reasons” (they mean for insecurity, of course), and to change character sets to make documents legible, like this sample that delivered the Locky ransomware:īy the start of 2016, many crooks were steadily shifting their infection strategy as the world began to realise that enabling macros was a really bad idea. Macros can be full-blown programs as powerful as any standalone application, and they can not only read and write files on your C: drive and your local network, but also download and run other files from the internet. The problem with macros, however, is that they aren’t limited to adapting and modifying just the document that contains them. In 2015, most ransomware arrived in Word documents containing what are known as macros: script programs that can be embedded in documents to adapt their content in real time, usually as part of your company’s workflow.
0 kommentar(er)
