Where’s the Macro? Malware authors are now using OLE embedding to deliver malicious files

Discussion in 'malware problems & news' started by ronjor, Jun 15, 2016.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    https://blogs.technet.microsoft.com...ing-ole-embedding-to-deliver-malicious-files/
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Like an embedded macro, the user will be prompted to allow the script activity. To "idiot proof," just follow MS's recommendation:

    Prevention and recovery recommendations
    Administrators can prevent activation of OLE packages by modifying the registry key HKCU\Software\Microsoft\Office\<Office Version>\<Office application>\Security\PackagerPrompt.

    The Office version values should be:

    • 16.0 (Office 2016)
    • 15.0 (Office 2013)
    • 14.0 (Office 2010)
    • 12.0 (Office 2007)

    Setting the value to 2 will disable packages, and they won’t be activated if a user tries to interact with or double-click them.

    The value options for the key are:

    • 0 – No prompt from Office when user clicks, object executes
    • 1 – Prompt from Office when user clicks, object executes
    • 2 – No prompt, Object does not execute
    You can find details about this registry key in the Microsoft Support article, https://support.microsoft.com/en-us/kb/926530
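
The registry recommendation quoted in the post above, as an added PowerShell example that is not part of the original thread or of Microsoft's article: it reports the current PackagerPrompt value for each listed Office version and sets it only when run with -Enforce. The application subkey names (Word, Excel, PowerPoint) and the DWORD value type are assumptions, since the post gives only the `<Office application>` placeholder.

```powershell
# Added example: audit (default) or enforce PackagerPrompt under HKCU.
# Assumptions: application subkeys are Word, Excel, PowerPoint; value type is DWORD.
param(
    [switch]$Enforce,            # without -Enforce the script only reports
    [ValidateSet(0, 1, 2)]
    [int]$Desired = 2            # 2 = no prompt, object does not execute
)

$versions = '16.0', '15.0', '14.0', '12.0'   # versions listed in the post
$apps     = 'Word', 'Excel', 'PowerPoint'    # assumed application subkey names
$meaning  = @{
    0 = 'No prompt, object executes'
    1 = 'Prompt, object executes'
    2 = 'No prompt, object does not execute'
}

foreach ($ver in $versions) {
    # Skip Office versions that have no per-user key in this profile
    if (-not (Test-Path "HKCU:\Software\Microsoft\Office\$ver")) { continue }

    foreach ($app in $apps) {
        $key     = "HKCU:\Software\Microsoft\Office\$ver\$app\Security"
        $current = (Get-ItemProperty -Path $key -Name PackagerPrompt `
                        -ErrorAction SilentlyContinue).PackagerPrompt

        if ($Enforce -and $current -ne $Desired) {
            # Create the Security key if it is missing, then write the value
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name PackagerPrompt -Value $Desired -Type DWord
            $current = $Desired
        }

        # One row per version/application so gaps are visible at a glance
        [pscustomobject]@{
            Version = $ver
            App     = $app
            Value   = if ($null -eq $current) { 'not set' } else { $current }
            Effect  = if ($null -eq $current) { '(no explicit setting)' }
                      else { $meaning[[int]$current] }
        }
    }
}
```

Because the key lives under HKCU, the script affects only the profile it runs in, so it has to run in each user's context (for example as a logon script).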
     