Threat Analysis Unit Network Security

Evolution of Excel 4.0 (XL4) Macro Weaponization Presentation

What is Virus Bulletin?

Virus Bulletin (often abbreviated as “VB”) is a magazine devoted to the discussion of malware and spam and has been around over 30 years. It is the forum in which security researchers and professionals discuss and share new directions in both the development of and protection against malware and spam. VB’s annual conference is almost as old as the magazine and has traditionally takes place in late September or early October each year.

VB2020 Localhost

Why Attend VB2020?

As always, this year’s VB conference covers a broad spectrum of topics by some of the most talented security researchers in the world. Included in the agenda is a paper published by three members of our VMware Threat Analysis Unit discussing how the weaponization of XL4 macros in Excel has evolved.

Excel 4.0 (XL4) macros have become increasingly popular for attackers, as many security vendors struggle to play catchup and detect them properly. This technique provides attackers with a simple and reliable method to get a foothold on a target network, as it simply represents an abuse of a legitimate 30-year-old feature of Excel and does not rely on any vulnerability or exploit to be successful.

Register to attend VB2020

Like many conferences this year, VB2020 has gone virtual and anyone can register and virtually attend this year. There is no cost to attend. Join James Haughom, Stefano Ortolani, and Baibhav Singh as they share their malware research with thousands of other researchers.