Microsoft has warned users of the company's Office applications suite about a new wave of macro viruses that tricks people into downloading malware.
The attack vector mimics the Word macro viruses of the 1990s, but with an even more deadly payload.
Microsoft explained that the problem involves the combination of social engineering and malicious macros.
"Attackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigation investments in Windows," said the company in a Microsoft TechNet blog post.
"Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. We recently came across a threat that uses the same social engineering trick but delivers a different payload."
Microsoft explained that the payload's primary purpose is to change a user's browser Proxy Server setting, which could result in the theft of authentication credentials or other sensitive information.
"We detect this JScript malware as Trojan:JS/Certor.A. What's not unique is that the malware gets into the victim's computer when the victim clicks the email attachment from a spam campaign," the post said.
Microsoft added that people really ought not to click on links from people or companies that they do not know or trust.
"To avoid attacks like we have just detailed, it is recommended that you only open and interact with messages from senders and websites that you recognise and trust," explained the firm.
"For added defence-in-depth, you can reduce the risk from this threat by following [our] guidance to adjust the registry settings to help prevent OLE Embedded Objects executing altogether or running without your explicit permission."
There was a surge in Word macro viruses in the middle to late 1990s as the increasingly widespread use of Microsoft Office combined with the provision of internet access to office workers for the first time.
This led to an explosion in email-borne malware exploiting vulnerabilities in Microsoft's software.
The company warned earlier this year of the return of similar kinds of malware, this time exploiting PowerShell.
Also, what's a USB stick?
Gravitational waves become extremely weak by the time they reach the Earth and require highly sensitive equipment for detection
The reactor topped out at 100 million° C
Cosmic event will not cause any disruption on Earth, say scientists