Malicious Macros for Script Kiddies

ID: aaa5b9ee-22c6-5692-a4c1-eb30d0ef7a98

STIX ID: report--aaa5b9ee-22c6-5692-a4c1-eb30d0ef7a98

Feed Name: TrustedSec blog

Threat Score: 70/100

Date Published: 2025-04-25

Date Updated: 2026-05-01

This blog-style technical guide explains the resurgence and abuse of Microsoft Office VBA/macros as an attack vector. It describes social-engineering methods used to trick users into enabling macros and the automatic Office event handlers used for initial execution, and it provides concrete VBA, Win32 and COM code examples for host reconnaissance, downloading and executing payloads, and evasion/obfuscation techniques, including AMSI considerations.
