Macro-Enabled Word and Excel Files Are Bad News


    Many, many years ago, Microsoft added the ability to create macros in its Office products. On the surface, macros are great: they can automate a lot of tasks in the programs and make life and processes quicker and easier. As the macro language in Word and Excel has expanded to include some very powerful features, virus writers have taken advantage of that fact and used macros as delivery mechanisms for all sorts of nastiness. They have taken to using them in attempts to infect your computer via web sites and email. So the question becomes: How can you tell a macro-enabled Word or Excel file from a regular file?

    This is going to be a bit technical, but bear with us. In Office 2007, Microsoft changed its file formats and extensions, debuting DOCX, XLSX, and PPTX as the default file formats for Word, Excel, and PowerPoint and replacing the old DOC, XLS, and PPT formats it had been using for years. The old file formats could harbor malware (which is why we don’t recommend messing with those, either), so starting with Office 2007 Microsoft split each format into two forms, adding an “X” or an “M” to the file type: DOCX and DOCM, for example, with the latter designated as the file type that contains macros (standard DOCX, XLSX, and PPTX files cannot contain macros when saved).

    So unless you’re expecting the file or it’s a known good file stored on your network, you really don’t want to open DOC, XLS, PPT, DOCM, XLSM, or PPTM files (or about 50 other file types, but that’s another story).

    The problem? Out of the box, Windows doesn’t make it super obvious what type of file it is because it hides the file extensions/types (which is fine, for the most part, as you don’t want to see them most of the time). However, it does change the file icons, depending on the type of file you’re looking at.

    So here are the icons for three different file types – can you guess which ones you shouldn’t open?


    Figure it out? Here’s the answer:


    If you enable visible file extensions, you’ll see the different types of documents.


    Long story short, be wary. We’ve seen DOC and DOCM files come into people’s email disguised as resumes, invoices, faxes, purchase orders, etc., when in reality they’re malware-carrying bombs waiting to go off the minute you open them. Get some good email protection, content filtering, and good anti-virus to help prevent this stuff from getting to your network in the first place. But if it does get there, make sure you can recognize it and toss it out before it becomes an issue.
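Icons and extensions only describe a file's name, so a mail or content filter is better off looking at the bytes as well. The sketch below is an added example, not part of the original post: it classifies an attachment by its contents, assuming the macro part carries Office's default name `vbaProject.bin`. The function names and the sample files are constructed for illustration.

```python
import io
import os
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file: old DOC, XLS, PPT
RISKY_EXTS = {".doc", ".xls", ".ppt", ".docm", ".xlsm", ".pptm"}  # list from the post


def classify(data: bytes) -> str:
    """Classify an attachment by its bytes, ignoring the file name."""
    if data.startswith(OLE_MAGIC):
        return "legacy-binary"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = [n.lower() for n in zf.namelist()]
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an Office 2007+ package
    # Assumption: VBA code sits in a part with the default name vbaProject.bin
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro-enabled"
    return "no-macro-part"  # no VBA part found; this is not a verdict of "safe"


def should_hold(filename: str, data: bytes) -> bool:
    """Hold the file if either its name or its contents is on the risky list."""
    ext = os.path.splitext(filename.lower())[1]
    return ext in RISKY_EXTS or classify(data) in {"legacy-binary", "macro-enabled"}


def build_sample(parts):
    """Build a constructed, minimal Office-style ZIP in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"constructed placeholder")
    return buf.getvalue()


DOCX = build_sample(["[Content_Types].xml", "word/document.xml"])
DOCM = build_sample(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])
OLD_DOC = OLE_MAGIC + b"\x00" * 504  # constructed: header magic plus padding

if __name__ == "__main__":
    samples = [("resume.docx", DOCX), ("invoice.docm", DOCM),
               ("invoice.docx", DOCM), ("fax.doc", OLD_DOC)]
    for name, data in samples:
        print(f"{name:14} {classify(data):14} hold={should_hold(name, data)}")
```

The `invoice.docx` sample is the case extensions alone miss: the name looks like a regular document, but the contents carry a macro part, so it is held.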
