Using Data Sanitization to Block Malicious Macros & More

A new ransomware called PowerWare was recently identified by researchers at Carbon Black. This threat is spreading through phishing emails containing Microsoft Word documents embedded with malicious macros. We have seen a few examples of this threat uploaded to our public site, where users can scan files, hashes and IP addresses for threats.

Documents with these types of macros, which are written in the PowerShell scripting language, are examples of unknown threats. OPSWAT's MetaDefender Core is designed to prevent this type of attack by using data sanitization. The philosophy behind data sanitization is to proactively remove any components from files that have the potential to be malicious, even if a threat has not been detected. For more details on how this works, you can check out several posts from our data sanitization series:

  1. Part 1 - The Case for Data Sanitization
  2. Part 2 - File Structure Alterations
  3. Part 3 - Active Content Curing

When combined with OPSWAT's MetaDefender Email product, data sanitization can be used to prevent these types of phishing attacks from compromising an organization's security. MetaDefender Email allows any incoming email attachments to be scanned for threats and can sanitize document files that may contain embedded threats. Once sanitized, the new version of the file is delivered to the recipient for safe use.
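As an added illustration of the principle described above (this is not OPSWAT's implementation and not code from the original post), the following Python example removes the VBA macro parts from an OOXML Word package (.docm) whether or not any scanner flagged them, and rewrites the package metadata to match. It covers only the OOXML case, not legacy binary .doc files; the function names and the in-memory sample package are constructed for the example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

PKG = "http://schemas.openxmlformats.org/package/2006/"
MACRO_MAIN = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
VBA_TYPE = "application/vnd.ms-office.vbaProject"
MACRO_PARTS = ("vbaproject.bin", "vbadata.xml")  # parts that hold VBA code

def is_macro_part(name):
    return name.lower().rsplit("/", 1)[-1] in MACRO_PARTS

def clean_xml(xml):
    """Drop entries that declare or point at macro parts, then re-serialize."""
    root = ET.fromstring(xml)
    ET.register_namespace("", root.tag[1:root.tag.index("}")])  # keep default xmlns
    for el in list(root):
        ref = el.get("PartName") or el.get("Target") or ""
        if el.get("ContentType") == VBA_TYPE or is_macro_part(ref):
            root.remove(el)
        elif el.get("ContentType") == MACRO_MAIN:
            el.set("ContentType", PLAIN_MAIN)  # package is no longer macro-enabled
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def sanitize_docm(data):
    """Return (clean_bytes, removed_parts) for an OOXML Word package."""
    removed, out = [], io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            if is_macro_part(info.filename):
                removed.append(info.filename)  # macro payload is never copied
                continue
            body = src.read(info)
            if info.filename == "[Content_Types].xml" or info.filename.endswith(".rels"):
                body = clean_xml(body)
            dst.writestr(info.filename, body)
    return out.getvalue(), removed

def build_sample_docm():  # constructed demo package; the .bin part is placeholder bytes
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", f'<Types xmlns="{PKG}content-types">'
                   f'<Default Extension="bin" ContentType="{VBA_TYPE}"/><Override '
                   f'PartName="/word/document.xml" ContentType="{MACRO_MAIN}"/></Types>')
        z.writestr("word/_rels/document.xml.rels", f'<Relationships xmlns="{PKG}relationships">'
                   '<Relationship Id="rId1" Type="urn:constructed" Target="vbaProject.bin"/></Relationships>')
        z.writestr("word/document.xml", "<document>constructed body text</document>")
        z.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()
```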

To demonstrate how data sanitization can remove threats from office documents, here are three examples of scan results from, showing both the threats found in the original documents and the threat-free sanitized documents.

Word Doc Example #1

PDF Example

Word Doc Example #2

Word Doc Example #3

Data sanitization allows organizations to safely receive documents while preserving the usability of the files. By using data sanitization, the hospitals recently hit by ransomware attacks could have prevented the attack from ever entering their organization. If you are interested in learning more about this technology, check back on our blog soon for the 4th part of our data sanitization series.
