PowerSniff Malware Attacks Abuse Macros, PowerShell

To keep you, our valued staff and students, informed, here is a notice about a new malware attack dubbed "POWERSNIFF", which researchers have discovered in semi-targeted attacks aimed at users in the United States and some European countries.

The experts examined 1500 spam emails that were sent to recipients. Once the document attached to such a mail is opened, a malicious macro embedded in the file attempts to invoke the Windows Management Instrumentation (WMI) service, which is used to create a hidden instance of PowerShell, the automation tool used by many system administrators. Since macros are disabled by default in Office to prevent abuse by malware, users have to explicitly allow the malicious macro to run, unless they have changed their settings to allow macros to run by default.
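For defenders, the chain described above (macro, then WMI, then hidden PowerShell) leaves a recognisable trace in process-creation logs, because a process created through WMI runs as a child of `WmiPrvSE.exe`. The following triage sketch is an added example, not code from the researchers or from this notice; the event field names follow Sysmon Event ID 1, and the sample events, severity labels and function names are constructed for illustration.

```python
import re

POWERSHELL = {"powershell.exe", "pwsh.exe"}
WMI_HOST = "wmiprvse.exe"  # processes created through WMI run as children of this host
# -WindowStyle may be abbreviated (-w, -win, ...); match any such prefix followed by "hidden".
HIDDEN_FLAG = re.compile(r"(?:^|\s)[-/]w[a-z]*\s+hidden\b", re.IGNORECASE)

# Constructed events with Sysmon Event ID 1 style field names (not taken from the page).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe -NoProfile -WindowStyle Hidden -Command <constructed>"},
    # Assumption: the window can also be hidden through WMI startup options, leaving no flag.
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE",
     "ParentImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "CommandLine": "powershell.exe -Command <constructed>"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},  # interactive admin session
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "powershell.exe -w hidden -File C:\\Scripts\\backup.ps1"},
]

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def findings(event):
    """Return the set of indicators a single process-creation event matches."""
    if exe_name(event.get("Image", "")) not in POWERSHELL:
        return set()
    hits = set()
    if exe_name(event.get("ParentImage", "")) == WMI_HOST:
        hits.add("wmi-parent")
    if HIDDEN_FLAG.search(event.get("CommandLine", "")):
        hits.add("hidden-window")
    return hits

def triage(events):
    """Map event index -> severity; WMI-spawned PowerShell is always at least 'high'."""
    out = {}
    for i, ev in enumerate(events):
        hits = findings(ev)
        if "wmi-parent" in hits:
            out[i] = "critical" if "hidden-window" in hits else "high"
        elif hits:
            out[i] = "review"
    return out
```

Keying on the parent process rather than on the command line means the second sample event is still flagged even though it carries no visible "hidden" switch.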

