Thursday, 31 March 2016

Enable this New Setting to Secure your Computer from Macro-based Malware 2016

Posted by Sufyan Hacker  |  at  02:00:00

secure-windows-computer 






A Macro is a series of commands and actions that help to automate some tasks. Microsoft Office programs support Macros written in Visual Basic for Applications (VBA), but they can also be used for malicious activities like installing malware.

Hackers are cleverly using this technique on the shade of social engineering by sending the malicious Macros through doc file or spreadsheet with an eye-catching subject in the mail to the corporate networks.

Once a user opens the malicious Word document, the doc file gets downloaded to its system. However, danger comes in when the user opens the file, and a popup window appears that states "Enable Editing" to view the content.
microsoft-office-macro-protected-view
Once the users click Enable Editing, the malicious file then begins to perform the notorious activities in the system such as to get embedded into other doc files to proliferate the attacking rate that results in crippling your system network.

All those actions would depend upon payload program defines inside the Macro.

Dridex and Locky are Warning Bells!!!


No other incidents could get you the clear picture on the potential threat of Macro viruses apart from Dridex Malware and Locky Ransomware. Both malware had made use of the malicious Macros to hijack systems.

Over 20 Million Euro had been stolen from the UK banks with the Dridex Malware, which got triggered via a nasty macro virus. The infectious bar of Locky ransomware had also seen an exponential growth in a couple of hours.

How to Protect Yourself from Macro-based Malware?


Step 1: Configure Trusted Location

Block-Macros-Office
Since disabling Macros is not a feasible option, especially in an office environment where Macros are designed to simplify the complex task with automation.

So, if your organization relies on Macros, you can move files that use Macros into the company’s DMZ (Demilitarized Zone), also called Trusted Location.

To configure the trusted location, you can navigate via:
User Configuration/Administrative Templates/Microsoft Office XXX 20XX/Application Settings/Security/Trust Center/Trusted Locations
Once configured, the Macros that does not belong to the trusted location would not run in any way, beefing up your system’s security.

Step 2: Block Macros in Office Files that came from the Internet

microsoft-office-macro-security
Microsoft had recently unveiled a novel method by implementing a new tactical security feature to limit the Macro execution attack in MS Office 2016, ultimately preventing your system from hijacking.

The new feature is a group policy setting that lets enterprise administrators to disable macros from running in Office files that come from the Internet.

The new setting is called, "Block macros from running in Office files from the Internet" and can be navigated through the group policy management editor under:
User configuration > Administrative templates > Microsoft Word 2016 > Word Options > Security > Trust Center
It can be configured for each Office application.

By enabling this option, macros that come from the Internet are blocked from running even if you have 'enable all macros' in the Macros Settings.

Moreover, instead of having the option to 'Enable Editing,' you'll receive a notification that macros are blocked from running, as the document comes from an Untrusted Source.

The only way to run that particular Office file is to save it to a trusted location, allowing macros to run.

Tagged as:
About the Author

I'm a Sufyan Minhas 16 Years Old Young Boy From Lahore Pakistan. I'm a WebMaster of the Pkhackingtricks.blogspot.com. Blogger and SEO Expert. Love to serve myself by sharing Tutorials, Tips Tricks about Internet, Computer Search Engine Optimization, Blogging Ideas. Facebook Account: https://www.facebook.com/HaCkeRnCraCkeR ..

0 comments:

Subscribe
Get our latest posts directly in your email inbox.Click on RSS

Google+ Badge

Followers

Copyright © 2016 Hacking Tips and Tricks Designed By Sufyan Hacker
back to top
' type='text/javascript'/>