Solved

The return of macro viruses

Posted on 2016-08-08
3
23 Views
Last Modified: 2016-08-27
Macro viruses used to be widespread around 2003-2008. Then, they seemed to disappear.  Now it seems in the last year or two that they are back. What was the driver for this?
0
Comment
Question by:furuno
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points (awarded by participants)
ID: 41747797
actually the largest growth has been in ransomware virus's as the payload. Anti-Virus detection is pretty good these days and a macro that can access .net runtime can be scanned forever and nothing untoward will be found. One must always be vigilant about any macro enabled document and ensure that it comes from a known safe sender or safe location. Macro Execution is disabled unless the file is from a trusted location and you have had a chance to 'enable macros'.. I've turned off script execution in adobe reader/acrobat for years by default for this reason as well. Not many pdf's need to execute scripting.

The last major macro virus was Melissa in 1999 and due to the security policies in effect at that date it was on a tear and Microsoft had to shut down incoming email to try and stem the tide.

Many experts here on EE will not run any macro enabled documents.
0
 
LVL 2

Author Comment

by:furuno
ID: 41747923
Thanks David for that helpful response.

"Anti-Virus detection is pretty good these days"

Why do you say that?
0
 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 41772820
FWIW, the anti-virus community is pretty proactive and updates are daily or more often.  The problem being that most ransomware sends out unique payloads so the # of uniques is on the rise. Unfortunately this defeats signature based AV
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question