Dangerous Macros: how ZEROSPAM deals with them and protects your emails
Macros. The ease of use and power they bring to the table they are almost universally used by companies. Through them, a whole variety of actions, a simple variation of a document, a new edition of a document, a pre-designated folder.
The dark side of the Macros
Unfortunately, the near-ubiquity of macros in a business setting has long been noticed by the spammer community as well. Spammers can design documents at first glance might appear to be published How do they do this? Macros. Not all macros are created equal. Some, like those that add a serial number, only impact the working document. Other macros leverage more powerful features that interact directly with the computer, by writing data to the disk (like our PDF) or by calling up another program.
It is these two types of macros that pose a major security risk. While they can be powerful productivity-enhancers, they do not have the ability to write a computer code. What's more, macros can be set to auto-execute. This is another handy feature of the world, which means that it can become dangerous in the hands of a bad actor.
So we have the final portrait of Dangerous Macros : macros that will auto-execute and that will also execute code and / or write to the disk. And that danger spells RANSOMWARE . True, there are some legitimate use-cases, but so much ransomware is being sent using these macros that they should simply be banned.
ZEROSPAM's solution to Dangerous Macros
Email security services have been known for a long time that Microsoft Office documents, especially the versions prior to 2007 (when Microsoft started adding to the name of the extension to indicate the presence of a macro) have been used to propagate ransomware. Many providers banned them at that point. The problem is that many companies still use these formats. So what do you do with Macros?
ZEROSPAM has found the key. Microsoft Office documents containing macros will go through them unless they meet the following criteria: This way, the vast majority of legitimate documents are still going strong.
Recognizing that documents containing macros are dangerous or not likely to be safe and effective.