From the Labs: VBA is definitely not dead - in fact, it's undergoing a resurgence

  • 17 September 2014
  • 2 replies

by Graham Chantry on September 17, 2014
 
Earlier this year, Principal Researcher at SophosLabs, Gabor Szappanos (Szappi) published an excellent paper, "VBA is not dead", on the re-emergence of Visual Basic code in malicious documents.
In his paper, Szappi discusses the sudden surge in VBA samples as well as the change from a traditional document-infecting payload to other malicious means, namely executable 'dropping'.
Our most recent detection statistics show that this trend is on the rise. The percentage of macro-based malware rose from around 6% of all document malware in June to 28% in July (by contrast, 58% of document malware used known exploits).
So why have malware authors turned to Visual Basic to do their bidding?
Well, VBA has a few advantages over the more popular approach of using known exploits.
2 replies

Interesting article on VB cyber criminals going back to the basic applications which originally started to exploit the users.
by Pierluigi Paganini on September 23rd, 2014
 

Security experts at Sophos have detected a surge in cyber attacks based on VBA malware; such threats are still very insidious but often underestimated.

Experts at SophosLabs observed a surge in VBA malware. According to their analysis, macro-based malware accounted for 28 percent of all malware attacks detected in July, up from just six percent in June, even though 58 percent of the attacks used known exploits.
The experts discovered different VBA downloader templates, which contain VBA code and instructions for the authors of VBA malware on how to package their malicious code and how to obfuscate it.
VBA malware is largely used by cyber threat actors due to the possibility of rapidly changing their code to implement new evasion techniques; exploits have a rigid file structure that makes it difficult to apply any change for the same purpose without affecting functionality.