Locky malware, lucky to avoid it (Microsoft)

Discussion in 'malware problems & news' started by ronjor, Feb 24, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
  2. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    301
    Location:
    Swiss
    LOL... :argh:

    Macros are in general disabled in Office by default, I guess it's widely known that this is dangerous to enable it.

    To suggest to enable signatures as a workaround is not really smart because that is also fakable. I would better not use it or if it's really necessary because you're on a business environment then you should look for alternatives or completely make the switchover to enum or constant T (within e.g. C++).

    The thing is that macros are not debuggable, it can lead in side effects (like malware/performance), they usually not having any namespace and many more.
     
  3. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,988
    Location:
    Brasil
    I though Macro-running was automatic o_O

    So these Macros run in Word? Hm. Maybe Microsoft could set Word to automatically accept only trusted Macros. I mean, they know Word is vulnerable, so why not?
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Macros by default are disabled in all the latter versions of Word. In a business environment, you would use Group Policy to ensure that they could not be user enabled. However, there are business environments that do use macros for daily operations ....................
     
  5. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    301
    Location:
    Swiss
    Let macros die.... :(....:p

    Reminds me on several win2k/xp macro related attacks ... oohhh the time ... :isay:


    PS: Locky also comes with Javascript (or some versions of them), so ensure you enabled noScript and only use whitelist. But from what I know all AV's even defender got already updates to detect it, so should be no problem (for now). ... :cool: ... what's next new activex attacks ..... :argh:
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
     
Loading...