MSGID: 2:221/360.0 5e84c02a
REPLY: 56.fido-internet@1:3634/12 22e9cf0b
PID: JamNNTPd/OS2 1.3 20191227
TID: GE/2 1.2
CHRS: UTF-8 2
TZUTC: 0300
On 01/04/2020 9:36 a.m., mark lewis : August Abolins wrote:

 AA>> Obviously, the macro in the original .xls file relied on Excel
 AA>> functions to run a macro to fetch a bot from a website and launch
 AA>> the payload.

ml> yep... this is why the setting to allow macros and/or executing startup
ml> macros should be OFF these days...

OFF seems to the default in Excel 2007:

 [+] Disable all macros except digitally signed macros This setting is the same
as the Disable all macros with notification option, except that if the macro is
digitally signed by a trusted publisher, the macro can run if you have already
trusted the publisher. If you have not trusted the publisher, you are notified.
That way, you can choose to enable those signed macros or trust the publisher.
All unsigned macros are disabled without notification.

I wonder what the setting is for newer editions of the Office progs.  Maybe the
..bot kiddies are targeting a version that allows full functionality unless
disabled.  Sneaky buggers.

--- TB68.4.1/Win7
 * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
SEEN-BY: 1/123 90/1 103/705 154/10 203/0 221/0 1 6 360 226/30 227/114
SEEN-BY: 229/101 426 452 1014 240/5832 249/206 317 400 280/464 5003
SEEN-BY: 288/100 292/854 310/31 317/3 322/757 342/200 396/45 423/81
SEEN-BY: 423/120 712/848 770/1 2452/250
PATH: 221/360 1 280/464 229/426