This commit is contained in:
Beth Levin
2018-07-27 13:29:44 -07:00
parent aaccf58736
commit 870eaca4c4
4 changed files with 29 additions and 23 deletions


@ -12,11 +12,11 @@ ms.date: 07/01/2018
---
# Macro malware
Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, Macro malware uses this functionality to infect your device.
Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
## How Macro malware works
## How macro malware works
Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare you into opening them. They often look like invoices, receipts, legal documents, and more. Examples of filenames include:
Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more. Examples of filenames include:
- case number.doc
- e-ticket_79010838.doc
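Review bot: The reworded sentence under "How macro malware works" still has a subject-verb mismatch: "Macro malware hides in Microsoft Word or Microsoft Excel documents and are delivered as email attachments". Since this line is already being touched to replace "you" with "people", fix it in the same pass, for example "hides in ... documents and is delivered as email attachments or inside ZIP files". The lowercase "macro" fix is applied to the intro sentence and the heading, so it is worth confirming that no other mid-sentence "Macro malware" remains elsewhere in the file.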
@ -26,11 +26,11 @@ Macro malware hides in Microsoft Word or Microsoft Excel documents and are deliv
- logmein_coupon.doc
- receipt_3458934.doc
Macro malware was fairly common several years ago because macros ran automatically whenever you opened a document.
Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened.
However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince you to turn on macros so that their malware can run. They do this by showing you fake warnings when you open a malicious document.
However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.
If you are fooled into enabling macros in a document that contains malware, you could be infected. We've have seen macro malware download threats from the following families:
We've seen macro malware download threats from the following families:
- Ransom:MSIL/Swappa
- Ransom:Win32/Teerac
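Review bot: Replacing "If you are fooled into enabling macros in a document that contains malware, you could be infected. We've have seen ..." with only "We've seen macro malware download threats from the following families:" fixes the "We've have" typo but also drops the one sentence that states the consequence of enabling macros. The family list now follows the fake-warnings sentence with nothing linking the two. Consider keeping the consequence in the third-person voice used for the other lines in this hunk, for example "If macros are enabled in a document that contains malware, the device could be infected."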
@ -41,13 +41,11 @@ If you are fooled into enabling macros in a document that contains malware, you
## How to protect against macro malware
These kinds of threats require users to enable macros.
Protect yourself and your organization by keeping an eye out for suspicious attachments and check your macro settings.
- Check if macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
- Make sure macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
- [Enable or disable macros](https://support.office.com/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12) in Office documents
- Dont open suspicious emails or suspicious attachments
- Dont open suspicious emails or suspicious attachments.
- If you get an email from someone you dont know, or an invoice for something you dont remember buying, delete it. Spam emails are the main way macro malware spreads.
- Delete any emails from unknown people or with suspicious content. Spam emails are the main way macro malware spreads.
For more general tips, see [prevent malware infection](prevent-malware-infection).
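Review bot: The new last bullet, "Delete any emails from unknown people or with suspicious content.", is broader and less actionable than the line it replaces, which gave a concrete cue ("an invoice for something you dont remember buying"). Mail from unknown senders is routine in most organizations, and the invoice example matches the filename lure list earlier in the article, so consider keeping that example in the reworded bullet. Also, as shown here, the bullet "Dont open suspicious emails or suspicious attachments." gains a period but still reads "Dont" without an apostrophe; check that against the source file.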