back to article Dangerous resurgent banking malware hits UK

The formidable Dyreza and Dridex banking malware are back in renewed and rejigged macro-based campaigns that includes a shift by the former to target industrial supply chain organisations and by the latter to smash the UK. Both malware instances are dangerous. Dyreza is a powerful man-in-the-browser bank trojan whose creators …

  1. Your alien overlord - fear me

    Isn't it about time someone launched a class action against Microsoft for including VBA/macros in their Office suite? How many billions have been swiped because of it?

    1. Anonymous Coward
      Anonymous Coward

      Don't know why you are being down voted as the risks are well publicised, the UK Government has stated that macros are now strictly forbidden. It's been a security risk for years on the scale of NPAPI and ActiveX.

      https://www.gov.uk/guidance/open-document-format-odf-guidance-for-uk-government/avoid-macros-in-documents

      1. h4rm0ny

        I'd guess they're being downvoted because Microsoft would be damned by the business world if they removed them and calling for a class action suit for something MS are themselves trying to get businesses to move away from. MS have provided a replacement for VBA and it's been in Office for a little while now. You can use Office Webapps to do most of what you'd legitimately want to do in Office and security controls are built into them from the ground-up. You create a manifest XML file which can lock down everything from whitelisting external servers it can connect to (if any), whether it can access contacts list, access controls, you name it. And by scanning the manifest file you can both know exactly what a webapp can and can't do and this is also enforced by the system, it's not just a label. If a webapp tries to do something it's declared that it can't, it's blocked from doing so. The tools are all actually there. Getting a large body of legacy users to ditch everything and move forwards - now that's the difficult part and MS would kill their customer base by trying to force the issue. You link yourself to guidance on not using Macros. The OP isn't being downvoted for advocating not using VBA, they're being downvoted for placing the blame on Microsoft / Office.

        MS have actually done pretty much everything that could have reasonably done without removing VBA support from Office. By default, VBA macros wont run, you get pretty clear warnings if you try. And it actually tracks the source of VBA macros and treats them differently so it knows if one is, say, just from some document you downloaded from online / got from an email. Indeed, this latter is a step beyond what LibreOffice does where you could equally insert macros into documents.

        Basically, place blame where it should be and use modern tools, not old legacy ones. Nobody should be churning out VB macros in an enterprise environment anymore and those who have them should be migrating away from them. But then how long did it take to get enterprise to move away from XP with its vastly inferior security model to Windows 7? Or to move from IE6/7/8 to the much more secure and standards compliant 9/10/11 ? In both cases, MS had to practically hold a knife to their customer's throats to actually get them to shift. Calling for a class action suit against MS because of this is just silly and the OP is rightly downvoted for doing so.

        1. Anonymous Coward
          Anonymous Coward

          @H4rm0ny

          Fair point, probably a bit too much misdirected bile from the OP masking the truth that nobody should be using these.

          However if a manufacturer does put something into a product that inherently weakens it's security for the sake of convenience then it must take some portion of culpability, recently Chrysler being a good case and point. With the scary advent of the IOT I think software houses and manufacturers need to have a greater degree of product liability.

          How else are we going to force companies to take it more seriously ?

          This is a genuine question for serious debate folks and please not a bun throwing exercise.

          1. h4rm0ny

            >>"However if a manufacturer does put something into a product that inherently weakens it's security for the sake of convenience then it must take some portion of culpability"

            Well possibly, but VBA was introduced to Office in 1993, about twenty-two years ago. Email was something I accessed by Pine back then and if I wanted to surf the web I did it with Mosaic or maybe Netscape. The world in which it was introduced was a very different one from today.

            And like the other poster said, you have to click through two message boxes that all but tell you "Go Back! This is Dangerous!". The ultimate secure system is one that does nothing and can't be accessed. At which point do you say the user is an idiot / technically illiterate? Or do we say that you can't build code that interacts with Office documents?

    2. Elmer Phud

      Better stop people using browsers then?

      1. Anonymous Coward
        Anonymous Coward

        LMFTFY

        Or browsers that still use ActiveX and NPAPI.

    3. Anonymous Coward
      Unhappy

      But to be fair, you have to ignore the bloody massive warning box you get to enable Macro's AND the one to enable downloaded content but yes people are that dumb.

  2. Anonymous Coward
    Anonymous Coward

    Huh?

    "downloads spam botnet compentry."

    Compentry?

  3. amanfromMars 1 Silver badge

    IT is not nearly so simple and infinitely more catastrophically engaging .....

    ..... and creatively destructive .... perfectly disruptive.

    The attackers use Word macros to compromise phished users in what is an old-attack vector that has gained latent popularity.

    Ye Olde New Hearts and Minds WMD ...... NEUKlearer HyperRadioProActive Bombe ....... Enhanced Radiation Weapon (ERW) ‽

    And shared as an exclamatory question lest a bold statement of the fact be bombarded uselessly with attacks based in fictions from factions assuming and presuming to be in remote virtual command and relatively anonymous practical control of SMART and SMARTR SCADA Systems and within Global Operating Devices in Elite Executive Administration .‽ :-) Poe's Law Rules.

    And a Special Forces and Sources SkunkWorks Operation for the likes of Directorates of Digital Innovation and PLA Unit 61398s .‽ :-)

    AI New Space and Times, No Old Rule Regulation.‽ :-)

  4. ecofeco Silver badge

    Just ran into this last week

    A PC on our network got flagged with this and I had to clean it.

    The first thing I noticed was the OS hadn't been updated in some time and no type of clean up ever run either.

    After that it was just the tedious chore of making sure the A/V I used was current and then wait for it.

    Fixed.

    But guess where it was? Yeah, GB.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020