Microsoft warning over malware that exploits security holes in Word

Remember Word macro viruses? This is even worse

Microsoft has warned users of its Office applications suite about a new wave of macro viruses that is tricking people into downloading even more pernicious malware.

The new attack vector mimicks the Word macro viruses of the 1990s, but with an even more deadly payload.

The company suggested that the problem involves the use of social engineering, combined with maliciously written macros.

"Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the company in a Microsoft TechNet blog post.

"Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. We recently came across a threat that uses the same social engineering trick but delivers a different payload."

Microsoft explained that the payload's primary purpose is to change a user's browser Proxy Server setting, which could result in the theft of authentication credentials or other sensitive information.

"We detect this JScript malware as Trojan:JS/Certor.A. What's not unique is that the malware gets into the victim's computer when the victim clicks the email attachment from a spam campaign," the post said.

Microsoft added that people really ought not to click on links from people or outfits that they do not know or trust. This is good, if perhaps hoary and often ignored, advice.

"To avoid attacks like we have just detailed, it is recommended that you only open and interact with messages from senders and websites that you recognise and trust," explained the firm.

"For added defence-in-depth, you can reduce the risk from this threat by following [our] guidance to adjust the registry settings to help prevent OLE Embedded Objects executing altogether or running without your explicit permission."

In the mid-to-late 1990s, there was a surge in Word macro viruses as the increasingly widespread usage of Microsoft Office, combined with the provision of internet access to office workers for the first time, led to an explosion in email-borne malware exploiting Microsoft software's insecurities.

Earlier this year, the company warned of the return of similar kinds of malware, this time exploiting Powershell.