title | ms.reviewer | description | keywords | ms.prod | ms.mktglfcycl | ms.sitesec | ms.localizationpriority | ms.author | author | manager | audience | ms.collection | ms.topic | search.appverid |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Macro malware | | Learn about macro viruses and malware, which are embedded in documents and are used to drop malicious payloads and distribute other threats. | security, malware, macro, protection, WDSI, MMPC, Microsoft Malware Protection Center, macro virus, macro malware, documents, viruses in Office, viruses in Word | w10 | secure | library | medium | ellevin | levinec | dansimp | ITPro | M365-security-compliance | article | met150 |
Macro malware
Macros are a powerful way to automate common tasks in Microsoft Office and can make people more productive. However, macro malware uses this functionality to infect your device.
How macro malware works
Macro malware hides in Microsoft Office files and is delivered as email attachments or inside ZIP files. These files use names that are intended to entice or scare people into opening them. They often look like invoices, receipts, legal documents, and more.
Macro malware was fairly common several years ago because macros ran automatically whenever a document was opened. However, in recent versions of Microsoft Office, macros are disabled by default. This means malware authors need to convince users to turn on macros so that their malware can run. They do this by showing fake warnings when a malicious document is opened.
We've seen macro malware download threats from the following families:
- Ransom:MSIL/Swappa
- Ransom:Win32/Teerac
- TrojanDownloader:Win32/Chanitor
- TrojanSpy:Win32/Ursnif
- Win32/Fynloski
- Worm:Win32/Gamarue
How to protect against macro malware
- Make sure macros are disabled in your Microsoft Office applications. In enterprises, IT admins set the default setting for macros:
  - Enable or disable macros in Office documents
- Don’t open suspicious emails or suspicious attachments.
- Delete any emails from unknown people or with suspicious content. Spam emails are the main way macro malware spreads.
- Enterprises can prevent macro malware from running executable content using attack surface reduction (ASR) rules.
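To check the first and last items above on a given machine, the following PowerShell audit reports the effective macro setting per Office application and the state of the Office-related ASR rules. It is an added example, not part of the original article; it assumes Office 2016 or later (registry version key `16.0`) and Microsoft Defender Antivirus, and it only reads settings.

```powershell
# Added example: read-only audit of macro settings and Office-related ASR rules.
# Assumes Office 2016 or later (registry key 16.0) and Microsoft Defender Antivirus.

# VBAWarnings registry values used by the Office macro setting.
$macroModes = @{
    1 = 'Enable all macros'
    2 = 'Disable all macros with notification'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

$macroReport = foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $value = $null; $source = 'Not configured'
    # A Group Policy value takes precedence over the per-user Trust Center value.
    foreach ($root in 'Policies\Microsoft', 'Microsoft') {
        $key  = "HKCU:\Software\$root\Office\16.0\$app\Security"
        $item = Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($null -ne $item) { $value = [int]$item.VBAWarnings; $source = $key; break }
    }
    [pscustomobject]@{
        App     = $app
        Setting = if ($null -eq $value) { 'Office default applies' } else { $macroModes[$value] }
        Source  = $source
        Risky   = ($value -eq 1)   # macros would run without any prompt
    }
}

# Office-related ASR rules, keyed by rule GUID.
$officeRules = [ordered]@{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
}
$asrActions = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref = Get-MpPreference
$ids  = @($pref.AttackSurfaceReductionRules_Ids)
$acts = @($pref.AttackSurfaceReductionRules_Actions)

$asrReport = foreach ($id in $officeRules.Keys) {
    $state = 'Not configured'
    for ($i = 0; $i -lt $ids.Count; $i++) {
        # -eq on strings is case-insensitive, so GUID casing does not matter.
        if ($ids[$i] -eq $id) { $state = $asrActions[[int]$acts[$i]]; break }
    }
    [pscustomobject]@{ Rule = $officeRules[$id]; Id = $id; State = $state }
}

$macroReport | Format-Table -AutoSize
$asrReport   | Format-Table -AutoSize
```

Any row with `Risky = True`, or an ASR rule reported as `Disabled` or `Not configured`, marks a machine where a malicious document has fewer barriers between opening and payload execution.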
For more tips on protecting yourself from suspicious emails, see phishing.
For more general tips, see prevent malware infection.