28 February 2015
For some month reports about macro viruses are constantly appearing in the IT press. Although the latest report, ‘Macro viruses reemerge in Word, Excel files’, published by Michael Heller on the TechTarget platform SearchSecurity at 24 February 2015, could make us feel somewhat insecure, there is in my opinion no reason to panic.
From the statistics created by security firm Kaspersky, we see that attackers used Microsoft Office in 1% of all cases for the distribution of exploits in 2014. In total Kaspersky products detected and neutralized 6.167,233,068 cyber-attacks in 2014. This means that Word or Excel were used in 61,763,330 cyber-attacks, 2.3 times more than in 2013.
Sounds anything but dangerous. Moreover, we are better prepared than 15 years ago, when macro viruses were most popular. Many protection measures are common sense, but sometimes it’s good to recap.
With that, I suggest:
- Please make sure that your anti-malware program is always up-to-date.
- Configure Macro Settings in Microsoft Office Trust Center. Choose ‘Disable all macros with notification’ as default:
- Use Windows Update to keep Microsoft Office and Windows up-to-date with the latest patches.
- On 64 bit Windows please activate ‘enhanced Protection Mode’ in Internet Explorer. This will force Windows to run Internet Explorer in Container Mode at low integrity level. In addition, please download all files to the default download location.
- Enable SmartScreen Technology in Internet Explorer. Malicious files are downloaded from malicious sites. SmartScreen Technology supports you by blocking downloads from known malicious sites.
- Try working with standard user rights. This limits the impact of an attack to the operating system
- The last and perhaps the most important rule: Think twice before you click on a word or excel file stored in an untrusted site. As a rule of thumb the entire Internet is an untrusted site, and of course all email attachments.
There’s really no need to panic. Macro viruses are no rocket science. The available protection measures are enough to deal with this old stuff.
Have a good weekend!