This article is more than 1 year old

MS IDs new Word macrovirus

Microsoft's turned up a new malicious Word macro doing the rounds.

In this blog post, Redmond says it got its hands on a document containing a form built from malicious VBA scripts.

“The VBA modules look like legitimate SQL programs powered with a macro; no malicious code found there … However, after further investigation we noticed a strange string in the Caption field for CommandButton3 in the user form”, the post says.

The string turned out to be an encrypted URL. Word's default autoopen() module runs the VBA project when the file is opened, and the macro decrypts the URL and downloads the now-defeated Locky ransomware. ®

More about

TIP US OFF

Send us news