back to article Q. What connects the global financial crisis, Ursnif malware, and Coldplay's Viva la Vida?

A piece of banking malware that first debuted more than a decade ago is once again wreaking havoc. Known as Ursnif, the malware has been spotted in the wild by Cisco's Talos security team, and is currently spreading in the wild via poisoned Word documents. The Talos bug-hunters say the Ursnif infection has been active for …

  1. Steve Davies 3 Silver badge

    So it is Windows only then...

    For the moment thet is.

    MS seems to be wanting us to run their 'stuff' on Linux and MacOS these days so I guess it won't be long before their 'stuff' is a common attack vector to all popular OS's...

    Things will get a lot worse.

  2. Anonymous Coward
    Anonymous Coward

    Macro Virus

    Wow...old school.

    Well, I have to thank the malware slingers here. I've wanted to filter out Office documents in the company spam filter for a long time.

    Now I have legitimate up to date ammo.

  3. The Original Steve

    Is this a thing still?!

    Can't remember the last time a version of Office allowed the execution of a macro in Word/Excel/PowerPoint etc without jumping through a number of prompts and hoops.

    Doesn't appear to be exploiting a bug, just that people will run arbitrary code from an untrusted source. Classic.

    Any modern / supported version of Office will stop this dead by default AFAIK.

    1. John Riddoch

      Re: Is this a thing still?!

      People are stupid - give them enough of a carrot to run untrusted code and they will. It's pretty easy to get macros enabled, usually only a couple of clicks (I've had to do it on legit documents where I need the macros enabled), so not a huge hurdle to get in. If you spam enough people, you'll find a few marks and the cost/benefit ratio soon makes it worthwhile.

    2. John Brown (no body) Silver badge

      Re: Is this a thing still?!

      "Can't remember the last time a version of Office allowed the execution of a macro in Word/Excel/PowerPoint etc without jumping through a number of prompts and hoops."

      And i many places, the users are being sent legit files with macros on a daily basis so it's ingrained into them to, on auto-pilot, click "yes" etc every time without even stopping to think. Or worse, change setting to default allow. And I still see files emailed to people in the same org because a) it's what they've always done and b) no one has shown them how to share files through the other options available and the admins won't or arn't allowed by manglement, to filter them on the mail server.

    3. Stuart Castle Silver badge

      Re: Is this a thing still?!

      How many people are running old versions of office though? It's an expensive purchase for small companies and individuals, and in either case, may well get pushed to the bottom of the pile for upgrades, as long as it still works, and still does what they need.

      You need to remember that the average computer user may only be vaguely aware of viruses. They are unlikely to think of them day to day. Yes, they may know they need to upgrade that little old machine running XP and Office 2003, but it does work, and they've a list of other stuff that needs their attention, so that little old machine sits there, happily running day in and day out, no one doing any major upgrade work, because it is working and they don't have the time.

      I work for quite a large IT user. We have a lot of staff dedicated to maintaining the IT infrastructure, and, as such, are at the opposite end of that spectrum, spending a *lot* of money each year to ensure that every patch released for every bit of software we support is fully tested, and deployed to all the relevant devices quickly.

      Note: I do believe that every computer user (I am not limiting this to Windows, although Windows is my primary concern) needs to ensure that they keep any computers and software they use up to date, but that isn't always practical, and for a lot of people, may not be their top priority.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like