Viruses | << | >> |
In MSWORD Macros can be executed from the following places:
Auto Macros: These are the Macros, which get executed automatically. There name starts with 'Auto' as in AutoOpen, AutoClose etc. They automatically get executed with the associated activity.
Most Used Macros: The Macros like File Save, File Save As look familiar as these functions appear on the Menu. However the functionality of these functions is replaced by using the macro of the same name. Thus, on activation of the associated function, the macro automatically gets the control. Used by viruses like WM97.IMPOSTER, WM.CAP etc.
Startup file: If any Dot file with macros is copied in startup, it gets executed when word is opened. Once again gives control to the macros over there.
Add Ins: Some small VB programs can be written complied & called through Add-Ins (Plug-Ins). These can be automatically called.
This Document: Each word file has default Macro called "This Document". A word file without this macro cannot open. By modifying this & writing a macro here gives it a call when word is opened. WM97 class, Groovi, Marker, Melisia etc uses this technique.
To spread it-self & infect other files most macro viruses infects the global template (NORMAL.DOT). This ensures the control to the virus on every execution of MS-WORD. Thereafter each & every document gets infected.
Once the Macro Virus gets the Control it in tun calls the Macros designed with certain payload. The table explains some of the word macro viruses, their payloads and the macro used by them.