Macro viruses

Macro viruses

What does a macro virus infect?

Since a virus is nothing more than a program, for it to do anything it must be loaded by the operating system. This is the reason why viruses only infect executable files. No matter how much a virus infects a text file, as this file is not executable, the virus can never take over control of the computer and therefore cannot be activated.

Macro viruses have changed all that. The ever growing capacity of some applications such as word processors, spreadsheets, etc. have led their developers to incorporate an interesting function: macros. A macro is a sequence of instructions that the program in question (word processor or spreadsheet, for example) can interpret and execute.

Therefore, If virus code is introduced into one of these macros, this code will be executed by the program, thereby giving the virus access to the control of the computer.

What this means is that files handled by such programs (documents, spreadsheets, etc.) are capable of containing viruses and infecting other similar files.

An additional risk from this type of virus is that, given their character, they are run ôinsideö a program. This means that if the program in question is multiplatform (that is, it can be run on different operating systems), then the virus will also be multiplatform, thus increasing the range of files it can infect.

How does a macro virus infect?

Macro viruses take advantage of a normal characteristic of programs in which macros are used. The MS-Word program presents a clear example of this. This program basically handles two file types: documents and templates. Templates are used to define generic documents and so simplify work with documents, as it is then not always necessary to start from the very beginning with similar documents.

In MS-Word, it is the templates that can contain macros. The problem lies in the fact that, by default, all documents are based on a template called NORMAL.DOT. This template contains a macro which is executed automatically as soon as it is opened.

Virus creators take advantage of this characteristic. By infecting the macro that is executed automatically, the propagation of the virus is ensured, as it will infect every document that is opened.

How does a macro virus work?

As explained above, viral macros are executed and infect all documents opened. It is then the documents that take up the job of transmitting the ôinfectionö.

One of the most dangerous characteristics of macro viruses is their great speed of propagation. For example, an infected document on a company network to which different people have access, can infect all of the companyÆs documents in an extremely short space of time.

As this type of file is exchanged very frequently by electronic mail, these viruses can spread to anywhere in the world at astonishing speeds.

It is important to note that, although they are not generally believed to be harmful, these viruses can cause a lot of damage, as much as that caused by any boot or file virus.

How to protect yourself against macro viruses

The best defense against a macro virus is to have a permanent protection system installed. This way, each time an attempt is made to open an infected document, the permanent protection warns the user and cancels the operation, eliminating all risk of infection.

Given the ease with which this type of virus can spread by e-mail, it is also recommended to install an antivirus capable of scanning incoming e-mail upon reception prior to opening the message.