Once upon a time, Visual Basic macros were one of the prevailing forms of malware. Visual Basic for Applications (or VBA) is used to automate functions and make programs like Word and Excel much more powerful. The problem is that when you allow code to execute within a program, you also open up the possibility that it can be used to run malicious code.

Thanks primarily to efforts by Microsoft to lock down the Microsoft Office applications to prevent malicious VBA code from running, VBA has plummeted as a malware threat. In fact, it is considered to be more or less extinct.

According to new research from Gabor Szappanos, a Hungarian researcher with Sophos Labs, the rumors of the death of VBA malware are seriously exaggerated. In a white paper published in Virus Bulletin, Szappanos describes how VBA is still alive and kicking—it has just evolved in how it is used by malware developers.

“In the past couple of months, we have observed the resurgence of malicious VBA macros—this time, not self-replicating viruses, but simple downloader Trojan codes,” explains Szappanos.

The security controls put in place by Microsoft basically prevent self-replicating VBA macro viruses from executing or spreading without user intervention. Since Office 2007, VBA macros have been disabled by default. The new scourge of VBA malware seeks to entice the user into enabling the VBA macros option, thereby unwittingly granting permission for the malicious code to run.

Szappanos provides extensive details and screenshots within the white paper, analyzing threats that have been discovered and breaking down, step by step, how the attacks work. One thing is clear from the analysis: the attack itself is not—and does not have to be—very sophisticated. Social engineering is a much simpler method of achieving goals that would be challenging, if not impossible, to achieve through exploit code alone.

The paper ends with this warning from Szappanos.

“Finally, a piece of advice: there is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled. If you receive a document with this advice, be aware: you are probably being attacked.”
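
The warning above can be turned into a mail-gateway or triage check. The following is an added example, not code from the article or from Szappanos's paper: it flags an Office Open XML file that both carries a VBA project and contains wording asking the reader to enable macros. The phrase list, function names and sample documents are constructed for illustration, and legacy binary .doc/.xls files are not handled.

```python
import io
import re
import zipfile

MAX_PART = 5 * 1024 * 1024  # skip oversized parts (zip-bomb guard)
# Constructed phrase list for "enable macros to view this document" lures.
LURE = re.compile(
    r"enable\s+(?:the\s+)?(?:macros?|content|editing)"
    r"|macros?\s+(?:must|need\s+to|should)\s+be\s+enabled", re.I)

def visible_text(xml_bytes):
    """Drop XML tags so a phrase split across several runs still matches."""
    text = re.sub(rb"<[^>]+>", b"", xml_bytes).decode("utf-8", "replace")
    return re.sub(r"\s+", " ", text)

def triage_ooxml(data):
    """Report VBA presence and lure wording for one OOXML file (bytes)."""
    result = {"has_vba": False, "lure": None, "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        result["error"] = "not a zip container (legacy .doc/.xls not handled)"
        return result
    with zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith("vbaproject.bin"):
                result["has_vba"] = True  # macro project stored in the package
            elif (name.endswith(".xml") and name.startswith(("word/", "xl/"))
                  and info.file_size <= MAX_PART and result["lure"] is None):
                match = LURE.search(visible_text(zf.read(info)))
                if match:
                    result["lure"] = match.group(0)
    # Macros alone are common in business files; macros plus a lure is the signal.
    result["suspicious"] = result["has_vba"] and result["lure"] is not None
    return result

def build_sample(body, with_macro):
    """Constructed test document: minimal zip with a Word body part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml",
                    "<w:document><w:p><w:r><w:t>%s</w:t></w:r></w:p></w:document>" % body)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buf.getvalue()

if __name__ == "__main__":
    lure = "To display this invoice, please enable </w:t><w:t>macros."
    for doc in (build_sample(lure, True), build_sample("Quarterly report", True)):
        print(triage_ooxml(doc))
```

A hit is a reason to quarantine and inspect the file, not proof of malice; the phrase list needs tuning against the lures actually seen in an environment.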