Excel, Word and PowerPoint documents are, in many cases, the files most often sent by email. Cybercriminals have realized this and found a way to exploit it through phishing attacks that carry such documents as attachments, which makes us an easy target if we do not pay attention and open files without verifying them.
In this context, the attackers' latest advance is evading the detection techniques of antimalware programs. McAfee researchers have discovered a new technique that downloads and executes malicious code without that code being contained in the attachment.
According to early indications, criminals have spread malware using this mechanism in the United States, Canada, Spain, Japan and Malaysia. This malware, derived from a banking Trojan called ZeuS, is known for aggressively using Office files with macros as an attack vector to steal credentials.
The operation is simple. The criminals send a Word file that opens a protected Excel document from a remote server. Then, the Word file reads the contents of the downloaded Excel cells and writes content. Once everything is written and ready, the Word file edits the registry to disable Excel's macro warning, and it is that macro that actually attacks the computer by executing the Trojan.
Given the significant intrinsic risk of files with macros, macros are normally disabled, which is why the first step of this attack is to force macros to be enabled without the user noticing.
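The registry edit described above is a useful detection point, because an Office process rarely has a reason to weaken its own macro settings. The following added example (not from the article or from McAfee) flags such writes in registry-change events. It assumes Sysmon-style Event ID 13 records already parsed into dictionaries, and it assumes the change lands on Office's standard `VBAWarnings` or `AccessVBOM` values, which the article does not name. The sample events are constructed.

```python
import re

# Assumption: events are Sysmon-style registry value-set records (Event ID 13)
# parsed into dicts with "Image", "TargetObject" and "Details" fields.
# VBAWarnings = 1 enables all macros without a prompt; AccessVBOM = 1 lets
# code modify the VBA project. Both sit under <app>\Security in the user hive.
SECURITY_VALUE = re.compile(
    r"\\Software\\(?:Policies\\)?Microsoft\\Office\\[\d.]+\\"
    r"(?P<app>Excel|Word|PowerPoint)\\Security\\(?P<value>VBAWarnings|AccessVBOM)$",
    re.IGNORECASE,
)
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}


def parse_dword(details):
    """Sysmon renders DWORDs as 'DWORD (0x00000001)'; return the int or None."""
    m = re.search(r"DWORD \((0x[0-9a-fA-F]+)\)", details)
    return int(m.group(1), 16) if m else None


def find_macro_warning_tampering(events):
    """Return (writer, app, value) for Office processes setting a macro
    security value to 1, the weakening setting for both values."""
    hits = []
    for ev in events:
        m = SECURITY_VALUE.search(ev["TargetObject"])
        if not m:
            continue
        writer = ev["Image"].rsplit("\\", 1)[-1].lower()
        if writer in OFFICE_IMAGES and parse_dword(ev["Details"]) == 1:
            hits.append((writer, m.group("app"), m.group("value")))
    return hits


# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Excel\Security\VBAWarnings",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Policies\Microsoft\Office\16.0\Excel\Security\VBAWarnings",
     "Details": "DWORD (0x00000004)"},
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Office\16.0\Excel\File MRU\Item 1",
     "Details": "[F00000000]*C:\\Users\\a\\book.xlsx"},
]

if __name__ == "__main__":
    for hit in find_macro_warning_tampering(SAMPLE_EVENTS):
        print("suspicious registry write:", hit)
```

Only the first sample event is flagged: the second is a policy write by a non-Office process that sets a restrictive value, and the third touches an unrelated key.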
Malicious documents have been, and continue to be, a major focus of cyberattacks. That is why it is important to verify that the documents we receive come from legitimate sources.
