07.18.18

The most common malware affecting Microsoft Office – and how to avoid it

If you work with documents, spreadsheets and presentations, chances are you rely on Microsoft Office. According to Redmond Magazine, there were 25 million consumer subscribers to Office 365 – the cloud-based counterpart to traditional Office – alone, as of March 2017, with many more users on older versions such as Office 2013 and Office 2007 they need a Microsoft office update.

Office is an important productivity booster, thanks to its many convenient features for automating tasks, formatting text and images and collaborating on projects. At the same time, its popularity has long made it a magnet for malware.

The design of Office-specific threats has evolved over the years, but users still face the same risks of having their PCs infected and their data compromised. Comprehensive online protection is vital for staying safe amid the numerous risks in the current landscape

Microsoft Office malware: Past, present and future

In 1999, a piece of malware nicknamed Melissa spread rapidly across the world via emailed Word documents. It took advantage of one of the most useful capabilities in Word – macros, which are time-saving sets of commands that can be saved and executed later. Corrupted macros can instruct a PC to perform actions making it vulnerable to cyber criminals.

The macros angle for malware became less popular after 2001, when Office began shipping with more built-in safeguards against the abuse of automated actions (i.e., users had to approve any unsigned macros embedded in their documents). It enjoyed a revival in the 2010s when paired with spear-phishing and other social engineering schemes proved effective in bypassing these protections.

More recently, phishing has become the linchpin of a new campaign targeting PowerPoint presentations. Starting with an email, the sequence progresses to the execution of XML and JavaScript code, resulting in the PC being hijacked by remote command-and-control infrastructure that can log keystrokes and deliver additional malware, too.

Looking ahead, we should expect similar attack vectors to become more common, not only via email but through other channels such as social media. The New York Times documented the massive scale and meteoric rise of social media phishing in May 2017.  One security vendor mentioned in its assessment found that social media was a much more effective platform for phishing than email, with open rates of 66 percent and 30 percent, respectively.

PC.Is your PC at risk from malware targeting MS Office?

Tips for staying safe when using Microsoft Office

Awareness of possible risks is the most important step in reducing your exposure to malware in Office or any other platform commonly targeted by spear-phishing. Prevention of infection is much easier if you know how to spot a malicious email and avoid opening it in the first place, instead of struggling to return to normal after the fact.

“Prevention of infection is much easier if you know how to spot a malicious email.”

Look for typos, requests for payments and claims that the sender is a representative of a U.S. government agency. All these characteristics are red flags that should signal to you to take no further action.

Additionally, you might consider disabling macros and custom scripts if you do not regularly rely on them in Office 2019. A good place to start is this official straightforward guide released from Microsoft on turning off macros. You will be less vulnerable to automated attacks this way.

Antivirus software and online security programs can also help lower your risk. Tools such as Ultimate Internet Security from Total Defense are ideal for securing your online transactions, shielding your identity and automatically blocking messages that may be preludes to a spear-phishing attempt.