Macro virus (computing)

From Wikipedia, the free encyclopedia

In computing terminology, a macro virus is a virus that is written in a macro language. They were largely problems because rather than create a new function to perform macros, some software vendors connected the macro writing functions in their software to the same computer language that they used to write that same software. Because of this, anyone with knowledge of that particular programming language can code a program that will launch immediately when the file is opened on a computer. "Documents" with macro viruses are actually templates in disguise since documents cannot have macros. This is why people are told not to open attachments in e-mail because of the danger of embedded macros. It recommended that anti-virus software is used and kept up to date.

Contents 1 Macro Virus Fundamentals 2 How Macro Viruses Work 3 Recognizing a Macro Virus Infection 4 Common Macro Viruses 5 References

[edit] Macro Virus Fundamentals

Macros are a series of commands and actions that help to automate tasks performed on a regular basis. A computer macro virus is a virus that infects documents and templates, not programs. A macro virus takes advantage of the macro programming language built into applications such as Microsoft Word or Excel. This also includes files on other platforms such as Macintosh. (Microsoft Corporation, 2006, WD: Frequently Asked Questions…) In 2004, macro viruses accounted for approximately 75% of all viruses. (Webopaedia, 2004) A macro virus differs from a worm in that worms do not attach themselves to other programs or files. A worm is a computer program in itself. (The Trustees of Indiana University, 2006)

[edit] How Macro Viruses Work

A macro virus can be spread through email attachments, discs, networks, modems, and the internet. (Microsoft Corporation, 2006, WD: Frequently Asked Questions…) Uninfected documents contain normal macros. Most macros start automatically when a document is opened or closed. A common way for a macro virus to infect a computer is by replacing normal macros with the virus. The macro virus replaces the regular commands with the same name and runs when the command is selected. In this case where the macro is run automatically, the macro is opened without the user knowing. (Computer Incident Advisory Capability, 1998) Once you open a file that contains a macro virus your system is infected. It will begin to embed in all other documents and templates, as well as future ones created. As you share these documents encoded with the macro virus, the virus can be passed onto other users. A Microsoft Word macro virus can infect files on Windows as well as the Macintosh platform. (Microsoft Corporation, 2006, WD: Frequently Asked Questions…) This is how a macro virus spreads. A well known example of a macro virus is the Melissa Virus from 1999. A document was created with the virus in it and anyone who opened it would ‘catch’ the virus. The virus would then send itself by email to the first 50 people in the person’s address book. This made the virus replicate at a fast rate. (How Stuff Works, Inc, 2006)

[edit] Recognizing a Macro Virus Infection

There are different ways in which one can recognize a macro virus. If a person is familiar with the macros that are supposed to be on a computer, then one can check through the macros on a computer and look for ones that he or she does not recognize. A person can research on the internet for names of macros that are known to be a part of a macro virus, such as AAAZAO, AAAZFS, AutoOpen, FileSaveAs, and PayLoad. If these macros are found on a computer, then it is a sign that the computer has been infected. (Microsoft Corporation, 2006, WD: Frequently Asked Questions…)

For those that are not familiar with macros, the best way to recognize if a computer has been infected is to look for unusual behavior and symptoms of a macro virus. There are three common symptoms of a macro virus. First, a person may be prompted for a password when opening a file that does not have a password. Second, a computer may save a document as a template without the user instructing the computer to do so. Last, a macro virus can cause strange error messages, such as ‘Just to prove another point’ or ‘This one’s for you, Bosco’. A macro virus can move words in your document and replace them with a random word such as ‘WAZZU’ at various locations. (Microsoft Corporation, 2006, WD: Frequently Asked Questions…)

It is important to constantly update antivirus programs and to be sure to have advanced antivirus software installed on a computer.

Digital signatures and certificates of authenticity are important tools in protecting against macro viruses. They identify the company or source that has created the download. A certificate of authenticity can be issued by various authorities and holds information in a secure form. A digital certificate can then be used to sign programs, controls, and documents. Digital signatures and certificates are used to establish trust. Information is displayed before the file is downloaded about the person who has the certificate and also about the certifying authority. A person can then decide whether to download a file based on the reputation of the authority. (Microsoft Corporation, 2006, Introduction to Security)

Many computer systems have security features that should be used. For example, often there is a setting that will prompt a person when opening a file that contains macros. If this feature is turned on, then a dialog box will be displayed when you open a file that gives you the option to enable macros or disable macros. This will let a person know that there are macros within the file and it will give the person a chance to evaluate the source of the file before opening the file. Internet browsers have security options as well. This means that a person can change the security level. A medium setting will always prompt the user before downloading potentially dangerous content. Any program or control that does not have a digital signature will not be downloaded.

Lastly, most home users and many business users don't use advanced feature such as macros. For them, the best protection is to turn off the scripting language that runs macros. This will prevent any type of macro from running on your computer (whether virus or not). Since most documents don't contain macros, this will protect your computer without negatively affecting normal use. Always protect your computer from this virus.

The following taken from www.microtech.doe.gov

To disable scripting manually, perform the following steps:

Click "Start".

Click "Settings".

Click "Add/Remove Programs".

Click the "Windows Setup" tab.

Double-click "Accessories".

Uncheck "Windows Scripting Host".

Click "OK".

Click "OK".

Please note that, if you use this procedure, you may need the Windows CD to restore Windows Scripting.

[edit] Common Macro Viruses

•Concept Virus

•Melissa Virus

[edit] References

• Computer Incident Advisory Capability. (1998) Information Bulletin: Macro Virus Update. Retrieved June 18, 2006, from the World Wide Web: http://www.ciac.org/ciac/bulletins/i-023.shtml

• How Stuff Works, Inc. (2006).How Computer Viruses Work. Retrieved June 18, 2006, from the World Wide Web: http://www.howstuffworks.com/virus2.htm

• Microsoft Corporation. (2006). Introduction to Security. Retrieved June 18, 2006, from the World Wide Web: http://office.microsoft.com/en-au/assistance/HA010450711033.aspx

• Microsoft Corporation. (2006). WD: Frequently Asked Questions About Word Macro Viruses. Retrieved June 18, 2006, from the World Wide Web: http://support.microsoft.com/kb/187243/en

• The Trustees of Indiana University. (2006). What are computer Viruses, Worms, and Trojan Horses. Retrieved June 18, 2006 from the World Wide Web: http://kb.iu.edu/data/aehm.html

• Webopaedia. (2004). Macro Virus. Retrieved June 18, 2006, from the World Wide Web http://www.pcwebopaedia.com/TERM/M/macro_virus.htm

• Macro Virus from Security News & Information http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=33338