Hello, welcome to the Monday, February 8, 2021 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

And if you have been watching exploits and malware for a while, you probably noticed that even old attacks often still work and

tend to come back occasionally.

Xavier ran into an interesting piece of macro malware that actually tried to revive a technique

that had been used by the Melissa Worm back in March of 1999.

The technique here is to use Visual Basic for Applications or VBA to disable certain menus in the application,

to alter the applications menu.

Now, the malware that Xavier ran into it tried to disable certain security features that a user

could possibly enable. Apparently that didn't work, but Xavier kept playing with it and was able

to at least disable selected menus,

like for example, copy and cut,

which often is disabled in order to prevent people

from copying data from a spreadsheet into another document.

I've got an update to a story that I believe I originally covered back in January about a month ago, but it has been coming back, so I figure good to update you on it.

It's related to the Google Chrome extension Great Suspender. This particular extension is supposed to suspend activity in

windows that are currently not visible. And the goal here, of course, is to save battery, save

CPU power. But as it has happened, sadly, quite frequently, this was a very popular extension, over 2 million downloads,

and well, the developer then sold it to a new entity, and the new entity that purchased the extension started to add malicious features to the extension, essentially exfiltrating data.

And actually, that was first noted in a GitHub comment to the crate suspender back in November.

Well, the update now is that Google finally got around to mark this extension officially as malicious,

so it should no longer be downloadable.

...