Subj : another one phishing for a bite
To : mark lewis
From : August Abolins
Date : Wed Apr 01 2020 07:24 pm

On 01/04/2020 9:36 a.m., mark lewis : August Abolins wrote:

 AA>> Obviously, the macro in the original .xls file relied on Excel
 AA>> functions to run a macro to fetch a bot from a website and launch
 AA>> the payload.

 ml> yep... this is why the setting to allow macros and/or executing startup
 ml> macros should be OFF these days...

OFF seems to be the default in Excel 2007:

[+] Disable all macros except digitally signed macros

This setting is the same as the Disable all macros with notification option, except that if the macro is digitally signed by a trusted publisher, the macro can run if you have already trusted the publisher. If you have not trusted the publisher, you are notified. That way, you can choose to enable those signed macros or trust the publisher. All unsigned macros are disabled without notification.

I wonder what the setting is for newer editions of the Office progs. Maybe the ...bot kiddies are targeting a version that allows full functionality unless disabled. Sneaky buggers.

--- TB68.4.1/Win7
 * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)