Microsoft has announced the addition of Excel 4.0 XLM macro detection to its Antimalware Scan Interface (AMSI). As AMSI was previously only focused on Visual Basic for Applications (VBA), cybercriminals responded by shifting to using mainly Excel 4.0 XLM macros to deliver malware through Excel spreadsheets. Excel 4.0 XML macros were introduced in 1992 and had not been widely used for many years, but were still supported for legacy spreadsheets. This shift allowed many malicious Excel files to bypass AMSI and run with very few detections by anti-virus products. This update to AMSI should address and put a stop to that prolific problem.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is