Fastbreak Spam Containing Word Macros

Posted by MailGuard Editor on 10 February 2015 03:34:00 AEDT

When you think of viruses coming through your email, you can bet that anything with an executable (.exe) file is sure to contain malware. A macro virus however, will not be as noticeable.

This recent run of emails contain what is known as a macro virus. Macros are an integral part of Word documents and are designed to automate repetitive tasks. They can be abused however, and in this case the virus writers have written a little "downloader" which downloads the real virus from a remote website. The macro is designed to be executed whenever you open the document in Microsoft Word.

The scammers are aware that most installations of Microsoft Word have the default settings set to not open macros, and they attempt to circumvent these default settings by enticing the end user to enable macros using instructions as depicted below:

Screen Shot 2015-02-09 at 14 32 02 (2)

By enabling macro content, you will then allow the virus to run.

Macro viruses can sometimes be missed by typical security software as the script itself can be easily obfuscated. Unfortunately, if you have scripted content enabled by default, it might take a while before your virus defences catch up and detect the threat.

You will not know if this file type (.doc) contains a macro until you click on it. Best practice is to always be wary when opening any attachments in an email that are coming from an unknown sender. If in doubt delete the email and the attachment straight away, especially if it asks you to alter your security settings in any way!

IT administrators can alleviate the threat by ensuring macros are disabled, and educating users not to enable them. User education is an integral part of virus defence, as cyber criminals prey on uninformed users.

For more tips on identifying viruses and malware, take a look at our blog Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.


Keep up to date with email scams affecting your business by subscribing to MailGuard’s weekly update.

Send Me Weekly Updates About Scams Like 'Macro Malware'!

 ^ Back to Top

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all