What does a macro virus infect?
As a virus is simply a program, it must be loaded by the operating system for it to be able to carry out its actions. This is the reason why viruses only infect executable files. Even if a virus infects a text file, as this file is not executable, the virus cannot take control of the computer and therefore cannot be activated.
Macro viruses have changed all this. The increasing capacity of some applications such as word processors, spreadsheets, etc. has led developers to incorporate an interesting function: macros. A macro is a set of instructions that the program (word processor or spreadsheet, for example) can interpret and execute.
Therefore, if viral code is inserted in a macro, this code will be executed by the program, giving the virus access to the control of the computer.
This means that files handled by these programs (documents, spreadsheets, etc.) can contain viruses and infect other files of the same type.
An additional risk from this type of virus is that they are run ‘inside’ a program. This means that if the program is multiplatform (it can be run on different operating systems), the virus will also be multiplatform, increasing the range of files it can infect.
Macro viruses take advantage of a characteristic that is usually included in programs that allow macros to be used. The MS-Word program presents a clear example of this. This program handles two file types: documents and templates. Templates are used to define generic documents and simplify work with documents, as it is not always necessary to start from the very beginning when creating similar documents.
In MS-Word, it is the templates that can contain macros. The problem lies in the fact that, by default, all documents are based on a template called NORMAL.DOT. This template contains a macro that is automatically executed as soon as it is opened.
Virus creators take advantage of this characteristic. By infecting the macro that is automatically executed, the propagation of the virus is ensured, as it will infect every document that is opened.
As explained above, viral macros are executed and infect all documents opened. It is then the documents that transmit the infection.
One of the most dangerous characteristics of macro viruses is their rapid propagation. For example, an infected document on a company network to which different people have access can infect all of the company’s documents in an extremely short space of time.
As this type of file is very frequently exchanged by e-mail, these viruses can spread throughout the world at astonishing speeds.
Although they are not generally believed to be harmful, these viruses can cause a lot of damage, as much as that caused by any boot or file virus.
The best defense against macro viruses is to have a good IT security solution protection installed. This way, if you attempt to open an infected document, the automatic protection will warn you and cancel the operation, eliminating the risk of infection.
Given the ease with which this type of virus can spread by e-mail, it is also advisable to install an IT security solution that scans incoming e-mail when it is received and before the message is opened.
For more information about viruses consult the Virus Encyclopedia, on the Panda Software website (www.pandasoftware.com/virus_info/encyclopedia).