Macro viruses
What does a macro virus infect?
Since a virus is nothing more than a program, for it to do anything it must be
loaded by the operating system. This is the reason why viruses only infect
executable files. No matter how much a virus infects a text file, as this file is
not executable, the virus can never take over control of the computer and
therefore cannot be activated.
Macro viruses have changed all that. The ever growing capacity of some
applications such as word processors, spreadsheets, etc. have led their developers to
incorporate an interesting function: macros. A macro is a sequence of
instructions that the program in question (word processor or spreadsheet, for example)
can interpret and execute.
Therefore, If virus code is introduced into one of these macros, this code
will be executed by the program, thereby giving the virus access to the control of
the computer.
What this means is that files handled by such programs (documents,
spreadsheets, etc.) are capable of containing viruses and infecting other similar files.
An additional risk from this type of virus is that, given their character,
they are run ôinsideö a program. This means that if the program in question is multiplatform (that
is, it can be run on different operating systems), then the virus will also be
multiplatform, thus increasing the range of files it can infect.
How does a macro virus infect?
Macro viruses take advantage of a normal characteristic of programs in which
macros are used. The MS-Word program presents a clear example of this. This
program basically handles two file types: documents and templates. Templates are
used to define generic documents and so simplify work with documents, as it is
then not always necessary to start from the very beginning with similar documents.
In MS-Word, it is the templates that can contain macros. The problem lies in
the fact that, by default, all documents are based on a template called
NORMAL.DOT. This template contains a macro which is executed automatically as soon as
it is opened.
Virus creators take advantage of this characteristic. By infecting the macro
that is executed automatically, the propagation of the virus is ensured, as it
will infect every document that is opened.
How does a macro virus work?
As explained above, viral macros are executed and infect all documents opened.
It is then the documents that take up the job of transmitting the ôinfectionö.
One of the most dangerous characteristics of macro viruses is their great
speed of propagation. For example, an infected document on a company network to
which different people have access, can infect all of the companyÆs documents in an extremely short space of time.
As this type of file is exchanged very frequently by electronic mail, these
viruses can spread to anywhere in the world at astonishing speeds.
It is important to note that, although they are not generally believed to be
harmful, these viruses can cause a lot of damage, as much as that caused by any
boot or file virus.
How to protect yourself against macro viruses
The best defense against a macro virus is to have a permanent protection
system installed. This way, each time an attempt is made to open an infected
document, the permanent protection warns the user and cancels the operation,
eliminating all risk of infection.
Given the ease with which this type of virus can spread by e-mail, it is also
recommended to install an antivirus capable of scanning incoming e-mail upon
reception prior to opening the message.