New malware in old Excel skins
Why worry about making a new malware trick when you can tweak an old Excel spreadsheet to do the job for you? Hackers are now doing just that: they are using new techniques that build their attacks on a feature over 25 years old, Excel 4.0 (XLM) macros. Despite its age, this feature is probably still compatible with the more modern version of Excel on your computer.

It’s a minority approach, as most malicious documents are based on VBA macros. But the Excel 4.0 approach has the advantage that it is not detected by most antivirus vendors. This technique is used in fileless attacks, where there is actually no payload to detect. Instead, it uses a PowerShell command to download the malicious payload into memory and subsequently execute it.

Microsoft is Mr. Nice Guy (and that’s a problem)

The problem is Microsoft's soft approach to backwards compatibility. Microsoft stated in “Working with Excel 4.0 macros” that “Although Microsoft Excel still supports Excel 4.0 (XLM) macros, we encourage you to migrate them to the latest version of Microsoft Visual Basic for Applications (VBA)”. They also mention that they still support backward compatibility for this feature: “If you decide you’re not ready to migrate, you can still run Excel 4.0 macros.” They just don’t mention the increasing adoption of this feature for malicious purposes.

As with all security concerns, backwards compatibility is a luxury that always comes back to haunt you.
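Because antivirus coverage of Excel 4.0 macros is thin, a structural check on incoming workbooks is a useful extra layer. The following is an added example, not code from the article: it flags Open XML workbooks that carry XLM macro sheets or an Auto_Open-style defined name. The function names and the sample files built in build_sample are constructed for illustration.

```python
import io
import re
import zipfile

# OOXML facts: Excel 4.0 macro sheets are stored as parts under xl/macrosheets/
# and declared in [Content_Types].xml with a macrosheet content type.
MACROSHEET_DIR = "xl/macrosheets/"
MACROSHEET_CT = "application/vnd.ms-excel.macrosheet"
# Auto_Open-style defined names make a macro run when the workbook opens.
AUTO_NAME = re.compile(r'<definedName[^>]*\bname="(?:_xlnm\.)?(Auto_\w+)"', re.I)

def scan_workbook(data: bytes) -> dict:
    """Report XLM macro sheets and auto-run names in an OOXML workbook."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        def text(part):
            return zf.read(part).decode("utf-8", "replace") if part in names else ""
        sheets = sorted(n for n in names if n.lower().startswith(MACROSHEET_DIR))
        declared = MACROSHEET_CT in text("[Content_Types].xml")
        auto = AUTO_NAME.findall(text("xl/workbook.xml"))
    return {"macro_sheets": sheets, "declared": declared, "auto_names": auto,
            "suspicious": bool(sheets or declared)}

def build_sample(with_macro_sheet: bool) -> bytes:
    """Constructed ZIP imitating a workbook's part layout (not a real document)."""
    override = ('<Override PartName="/xl/macrosheets/sheet1.xml" '
                'ContentType="application/vnd.ms-excel.macrosheet+xml"/>')
    defined = ('<definedNames><definedName name="_xlnm.Auto_Open">'
               'Macro1!$A$1</definedName></definedNames>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    "<Types>" + (override if with_macro_sheet else "") + "</Types>")
        zf.writestr("xl/workbook.xml",
                    "<workbook>" + (defined if with_macro_sheet else "") + "</workbook>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_macro_sheet:
            zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")  # empty placeholder
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("with macro sheet", True), ("worksheet only", False)):
        print(label, scan_workbook(build_sample(flag)))
```

This check covers only ZIP-based workbooks (.xlsx, .xlsm); legacy binary .xls files can also hold Excel 4.0 macro sheets and need a separate parser.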