'Office macro exploits only cool thing Visual Basic used for,' quips securobod
31 Dec 2014 at 11:30, John Leyden
The dangers of allowing Office macros have been underlined by a newly discovered attack against European and Israeli companies.
Malicious Office macros were used as the launchpad of the so-called RocketKitten attacks presented at this year's Chaos Communication Congress hacking conference (stream here, relevant material starts around 20 minutes in). The technique is nothing new and still effective - even though it has been around for years and is straightforward to block.
Visual Basic for Applications (VBA) is one of the easiest methods to deliver malware nasties: simply by dropping malicious code into an Office doc as a macro and attaching to an email. The victim would be lured by a plausible pretext into opening an Office file attachment delivered to them by email.
Full Article
