Secure your System by Enabling Settings against Macro Based Malware Attack

You probably use MS Word on a regular basis. Are you aware of the vulnerabilities associated with it? Even opening a simple .doc file can install malware on your system, especially if the document claims to be a bank invoice, balance sheet or financial transaction bill. Malware can also make use of macros to access .doc files if your system is already infected. If you get a message that reads “Warning, This document contains macros.”, be cautious before proceeding further. As a layman, you might be curious and eager to open the file, ignore the warning and simply click OK to open the document with its macros, without realizing that it might be infected with malware. This technique has been used for spreading ransomware.

Macros execute commands written in Visual Basic for Applications (VBA). They are not harmful in themselves and are intended to automate tasks and make them simpler for users. Nevertheless, macros can be misused by hackers to install malware and spyware on a compromised system by running macro code for malicious purposes. There have been reports that hackers are now attaching macros to .doc files and sending them by email to target the corporate sector. As soon as the infected document is downloaded and opened, a pop-up appears recommending that editing be enabled in order to access the file. This is where the trick works for the hackers.

The victim does not have the slightest idea that their system is about to be hacked. As soon as the user gives permission to enable editing of the document, the malware-infected .doc file drops malicious code that spreads to other documents and stored files, compromising the security of the targeted computer. Not only that, it can infect all other systems connected over the network.

The best recent examples are the Dridex malware and the Locky ransomware, both of which have been reported to target systems using malicious macros. Locky is one of the deadliest ransomware families: it cripples stored files and renames them with the .locky extension. It is spreading at an uncontrollable pace, targeting 4000 systems every hour. Just imagine how many users have been its victims so far, and the number is increasing. Recently, it has been reported that Dridex malware siphoned more than 20 million Euros from a UK-based bank and was triggered by a macro virus.

Thus one should be cautious about macro-based malware, particularly if you work with macros in offices and other organizations. It is better to move and save macros to a Trusted Location:

User Configuration/Administrative Templates/Microsoft Office XXX 20XX/Application Settings/Security/Trust Center/Trusted Locations

This will prevent macros from running unless their source is a Trusted Location.

One can also block and disable macros that come from Internet sources, as they might be malware infected and make your PC vulnerable. This has been included in MS Office 2016 as a tactical feature to prevent such threats from hijacking computer systems. The feature is available as a group policy setting. Using it, the admin can restrict macros coming from the Internet from running.


If you are using MS Office 2016, just look for “Block macros from running in Office files from the Internet”. This will block all macros that come from an untrusted source. Only files that are stored in and come from a Trusted Location will be allowed to run macros.

User configuration > Administrative templates > Microsoft Word 2016 > Word Options > Security > Trust Center

This will definitely block macros coming directly from the Internet, even if macros have been enabled in settings.

The user will then see a message that macros are blocked and cannot run because the file came from an untrusted source.
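
To confirm that the group policy above has actually reached a user's profile, the following added PowerShell check (not part of the original article) reads the registry value the policy writes. It assumes the Office 2016 per-user policy path (16.0) and the value name blockcontentexecutionfrominternet, neither of which appears on this page, and it also checks Excel and PowerPoint, which carry the same setting.

```powershell
# Audit "Block macros from running in Office files from the Internet"
# for the current user. Assumption: Office 2016 policy hive (16.0) and
# the value name below; neither is given in the article itself.
$apps      = 'Word', 'Excel', 'PowerPoint'
$valueName = 'blockcontentexecutionfrominternet'

$results = foreach ($app in $apps) {
    $key   = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $value = $null

    # The key only exists once some Trust Center policy has been applied.
    if (Test-Path -Path $key) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains $valueName)) {
            $value = $props.$valueName
        }
    }

    # 1 = policy enabled; missing value = policy not configured;
    # anything else = explicitly disabled by policy.
    if ($null -eq $value) { $state = 'NotConfigured' }
    elseif ($value -eq 1) { $state = 'Enabled' }
    else                  { $state = 'Disabled' }

    [pscustomobject]@{
        Application = $app
        State       = $state
        Value       = $value
        PolicyKey   = $key
    }
}

$results | Format-Table -AutoSize

# Fail the check if any application is left without the protection.
$gaps = @($results | Where-Object { $_.State -ne 'Enabled' })
if ($gaps.Count -gt 0) {
    $names = ($gaps | ForEach-Object { $_.Application }) -join ', '
    Write-Warning "Internet macro blocking is not enforced for: $names"
    exit 1
}
```

Run it in the context of the user being audited, since the policy is applied under User Configuration; a non-zero exit code means at least one application is not covered.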