Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use another proprietary Microsoft technology to deliver threats.
Attackers have been placing malicious code alongside object linking and embedding (OLE) code, accompanied by well-formatted text and images. According to Microsoft researchers who observed the behavior, this is done to trick users into enabling the object or content and, in turn, running the malicious code.
OLE technology allows content, such as images and text, to be brought in from elsewhere, usually from another application. If a user wants to edit the embedded data, they can allow Windows to activate the originating application and load the content.
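
For triage, one way to list the embedded or linked objects a document declares before anyone opens it. This is an added example, not code from the article or from Microsoft's research; it assumes the Office Open XML packaging used by .docx/.xlsx/.pptx files, and the function names and sample document are constructed here.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OBJECT_RELS = {"oleObject", "package"}  # relationship types for embedded/linked objects

def find_ole_objects(doc_bytes):
    """List embedded or linked objects declared in an OOXML (.docx/.xlsx/.pptx) file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        names = set(pkg.namelist())
        for rels_name in sorted(n for n in names if n.endswith(".rels")):
            # Targets are relative to the part that owns this .rels file.
            base = posixpath.dirname(posixpath.dirname(rels_name))
            for rel in ET.fromstring(pkg.read(rels_name)).iter(REL_TAG):
                kind = rel.get("Type", "").rsplit("/", 1)[-1]
                if kind not in OBJECT_RELS:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External":
                    findings.append((kind, target, "linked"))  # content lives outside the file
                    continue
                part = posixpath.normpath(posixpath.join(base, target)).lstrip("/")
                # Read only the 8-byte header, never the whole embedded part.
                head = pkg.open(part).read(8) if part in names else b""
                findings.append((kind, part, "ole2" if head == OLE2_MAGIC else "other"))
    return findings

def build_sample_docx():
    """Constructed sample: one embedded OLE2 object, one linked object, one image."""
    rt = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{rt}image" Target="media/image1.png"/>'
        f'<Relationship Id="rId2" Type="{rt}oleObject" Target="embeddings/oleObject1.bin"/>'
        f'<Relationship Id="rId3" Type="{rt}oleObject" TargetMode="External"'
        ' Target="file:///C:/example/linked.xls"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 504)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_ole_objects(build_sample_docx()))
```

When scanning files from untrusted senders, swap the standard-library XML parser for a hardened one and run the scan in a sandboxed process.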