Using a document macro to deliver malware is an old idea in computer security that has seen a revival in the last year. Back in 1999 and 2000, macro viruses, including the ILOVEYOU and Melissa viruses, infected millions of users. Microsoft took steps in 2007 to limit what macros can do in Microsoft Office, but attackers in 2014 still found ways to exploit users by way of macros. Multiple security vendors, including Sophos and Cisco, reported an increase in macro viruses in 2014.
Macros are disabled by default in Microsoft Office, and when a macro is present in the document, users are notified by the software before anything is loaded, Mendrez explained. The group behind the malicious Dridex spam campaign is using social engineering tactics in hopes that a small number of people will open the malicious document and enable the macro manually.
While up-to-date antivirus software is always a good idea, attackers are constantly modifying malware to make it undetectable.