back to article Cybercrooks amp up attacks via macro-enabled XLL files

Cybercriminals are once again abusing macro-enabled Excel add-in (XLL) files in malware attacks at a vastly increased rate, according to new research. HP Wolf Security revealed that .xlam files are now the seventh most commonly abused file extension in Q3 2023, rising 35 places from 42nd on the list in Q2. XLL attacks aren't …

  1. mark l 2 Silver badge

    Whether MS Office is inherently insecure is up for debate, but the fact that Microsoft Office has a virtual monopoly for office software in businesses mean that these sort of things are going to come up time and time again. Software mono cultures are a bad thing. Windows and Office are such as huge target for criminals attacking businesses as they know they are 99% likely to be using one or both products.

    1. Paul Crawford Silver badge

      Whether MS Office is inherently insecure is up for debate

      Oh I think that debate was settled year ago

  2. sitta_europea Silver badge

    "...seemingly benign Microsoft Office documents..."

    There's no such thing.

  3. david 12 Silver badge

    Microsoft's 2022 intervention

    Visual Basic for Applications (VBA) macros, which are now blocked by default courtesy of Microsoft's 2022 intervention, a move that was seen at the time as long overdue.

    Jesus Mary and Joseph, am I the only one here who uses VBA macros? VBA macros have been blocked by default for decades now. The "2022 intervention" added another form of blocking, and an extra step of unblocking.

  4. Andy The Hat Silver badge

    And still ... they come

    It must be 30 years or more since the first office macro malware. It was considered a stupid idea to let "data" have access to any feature outside the immediate application then and, surprisingly, it still is now.

    So why is "data" still allowed vectors to break out of the application?

    Is it so a new macro system can be introduced in one version and a disable button introduced in the next as a "latest and greatest new feature"?

    1. david 12 Silver badge

      Re: And still ... they come

      a stupid idea to let "data" have access to any feature

      From the very beginning, a primary use case for PC's was mail-merge -- word processing and database.

      Every text processing system I used, back from my mainframe days, through my minicomputer days, into my PC days, had macro ability and database connectivity (although in many cases "database" was just a tape or a file). It wasn't just unix that worked by linking small utilities together -- DOS 1 included "edlin" and "sort" and "find", with documentation on how to use those tools to manage data and create reports.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like