Nothing like a nice game of Sudoku to calm your nerves at the office? Think again. Security software provider Sophos Ltd. is warning fans of the popular puzzle that some Microsoft Excel-based Sudoku generator spreadsheets may contain malware-laden macros.
“It sounds perfectly reasonable, doesn’t it?” said Richard Wang, Sophos security expert. “Generating Sudoku puzzles requires a program; to run the program requires macros.”
In his post on the official Sophos blog, Naked Security, Wang said the attackers are even providing puzzle users with simple instructions on how to turn on the macro.
Once the user bypasses the security measures, they are free to work on the puzzle. Unfortunately, while the user is enjoying the Sudoku, the macro is installing malware on the targeted machine, said Wang.
Macros are used to make a sequence of computing instructions available to a programmer as a single statement. Keyboard and mouse macros allow sequences of keystrokes and mouse actions to be transformed into shorter commands.
Attackers using macros are not as numerous as they used to be, especially after Microsoft disabled macros by default to crack down on macro-based malware. However, Wang said, macros are still commonly used, and Microsoft Office has Visual Basic for Applications, accessible from Office documents as macros.
The malware collects system information, network information, a list of all the programs and services running on the machine as well as data on hardware, operating system and patches.
The snooped data, Wang said, is encoded and mailed out to an aol.com address.