A “blast from the past” surfaced recently among those who play Microsoft Excel-based Sudoku puzzles: malware spread by macros.
Spreading malicious code via macros was all the rage among the digital underground in the late 1990s, so much so that Microsoft eventually disabled them by default in Office.
But according to Sophos, someone’s found a way to get people to turn the macros back on to inject malware onto their machines and harvest a host of data. “Macros are still in common use, and the trick used here is quite simple: if you want to generate a puzzle to solve, you have to enable macros,” writes Richard Wang in a post. “It sounds perfectly reasonable, doesn’t it? Generating Sudoku puzzles requires a program; to run the program requires macros.”
Wang credits Peter Szabo from SophosLabs in Vancouver with the discovery.
To aid the infection, the malware writer includes a “tip” telling the user how to enable macros. Once that’s done, while the user plays puzzles, “the installed malware gathers system information using some standard commands: ipconfig to get network information, tasklist for a list of all the programs and services you are running, and systeminfo to find out about your hardware, operating system and patches.”
The stolen information is encoded and sent to an aol.com e-mail address. It remains unclear how the booby-trapped spreadsheet initially reaches a victim’s machine.
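The behaviour described above (Excel spawning ipconfig, tasklist and systeminfo, then mailing the result out) is easy to hunt for in endpoint telemetry. What follows is an added detection example, not code from Sophos or from the malware: it assumes Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) records with ParentImage/Image/CommandLine/DestinationPort fields, and the log lines it runs over are constructed for illustration.

```python
"""Hunt for the Sudoku-macro behaviour in endpoint telemetry.

Added example, not Sophos code and not the malware: a macro that shells out
to ipconfig, tasklist and systeminfo shows up in process-creation logs as an
Office parent (EXCEL.EXE) spawning those tools, directly or via cmd.exe, and
the e-mail exfiltration shows up as an Office process opening an SMTP port.
Field names follow Sysmon (Event ID 1 and 3); the log lines are constructed.
"""
from collections import defaultdict

OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe"}
RECON_TOOLS = {"ipconfig.exe", "tasklist.exe", "systeminfo.exe", "whoami.exe", "net.exe"}
MAIL_PORTS = {25, 465, 587}

# Constructed Sysmon-style events: one per line, key=value fields joined by '|'.
# Hostnames and user names are made up; the Thunderbird and explorer.exe
# lines are benign noise the rules must not flag.
SAMPLE_LOG = """\
EventId=1|User=LAB\\alice|ParentImage=C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c ipconfig /all > %TEMP%\\net.txt
EventId=1|User=LAB\\alice|ParentImage=C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE|Image=C:\\Windows\\System32\\tasklist.exe|CommandLine=tasklist
EventId=1|User=LAB\\alice|ParentImage=C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE|Image=C:\\Windows\\System32\\systeminfo.exe|CommandLine=systeminfo
EventId=3|User=LAB\\alice|Image=C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE|DestinationHostname=smtp.example.net|DestinationPort=25
EventId=1|User=LAB\\bob|ParentImage=C:\\Windows\\explorer.exe|Image=C:\\Windows\\System32\\cmd.exe|CommandLine=cmd.exe /c ipconfig
EventId=1|User=LAB\\alice|ParentImage=C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE|Image=C:\\Windows\\splwow64.exe|CommandLine=splwow64.exe 12288
EventId=3|User=LAB\\bob|Image=C:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe|DestinationHostname=smtp.example.net|DestinationPort=587
"""


def parse_event(line):
    """Split 'k=v|k=v' into a dict; values may contain '=' (split on the first only)."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path):
    """File name of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def recon_tool_in(image, cmdline):
    """Return the recon tool an event runs, directly or via cmd.exe, else None."""
    if basename(image) in RECON_TOOLS:
        return basename(image)
    # "cmd.exe /c ipconfig /all > file": look for a bare tool name in the command line
    for token in cmdline.lower().replace("\\", " ").split():
        name = token if token.endswith(".exe") else token + ".exe"
        if name in RECON_TOOLS:
            return name
    return None


def office_recon_events(log_text):
    """(user, parent, tool, cmdline) for each recon tool spawned by an Office app."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventId") != "1":
            continue
        parent = basename(ev.get("ParentImage", ""))
        if parent not in OFFICE_APPS:
            continue
        tool = recon_tool_in(ev.get("Image", ""), ev.get("CommandLine", ""))
        if tool:
            hits.append((ev["User"], parent, tool, ev.get("CommandLine", "")))
    return hits


def office_smtp_events(log_text):
    """(user, image, host, port) for Office processes connecting to a mail port."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventId") != "3":
            continue
        image = basename(ev.get("Image", ""))
        port = int(ev.get("DestinationPort", "0"))
        if image in OFFICE_APPS and port in MAIL_PORTS:
            hits.append((ev["User"], image, ev.get("DestinationHostname", "?"), port))
    return hits


def recon_chains(recon_hits, min_tools=2):
    """Distinct recon tools per (user, parent), kept when at least min_tools ran.

    One ipconfig from Excel could be an admin's macro; the ipconfig/tasklist/
    systeminfo triad is what the report describes, so require two or more.
    """
    seen = defaultdict(set)
    for user, parent, tool, _ in recon_hits:
        seen[(user, parent)].add(tool)
    return {key: sorted(tools) for key, tools in seen.items() if len(tools) >= min_tools}


if __name__ == "__main__":
    for key, tools in recon_chains(office_recon_events(SAMPLE_LOG)).items():
        print("recon tools spawned from Office:", key, tools)
    for hit in office_smtp_events(SAMPLE_LOG):
        print("Office process talking SMTP:", hit)
```

On the constructed sample only alice's Excel session is reported: three distinct recon tools plus a direct connection from EXCEL.EXE to port 25. Bob's ipconfig under explorer.exe and his mail client's own SMTP session are left alone, as is the print spooler helper Excel legitimately spawns. Windows Security event 4688 carries the same parent/child information if Sysmon is not deployed; the rule logic is unchanged, only the field names differ.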