Common Sense Guide to Viruses: Macro Viruses

Introduction
Macro Viruses are one of the biggest threats to corporate entities today. Any business using Microsoft Word 95/97 faces the risk of an extremely powerful macro being sent to them encoded in a word document, which can then cause havoc. Recently there has been a large amount of publicity about a macro virus named "Melissa", this is exactly the kind of danger any Word user faces. Therefore, please take the time to read this document.

Originally, macros were a feature that allowed a user to, for example, press a certain key combination and their address would appear on the page. With the evolution of software, and the consequent overlap between programming tools, word processors, and desktop publishers, macros now have an enormous number of commands: as many, in fact, as the application itself. Nearly all of Microsoft Word's commands can be executed by a macro. This means that files can be opened, modified, and then saved by the macro. This is not limited to Word files, but includes important system files vital for the function of your computer. Any programmer with knowledge of Visual Basic can easily write a macro, one that can seriously harm your computer.

About the Document
You can download an example document here. The following is what is contained in it. This document is designed to alert you to the possibilities and capabilities of macro viruses: embedded in it is a macro that opens one of your start-up files (that is, one of the files your computer runs every time it starts), and copies it. It then closes it and creates a new text file, pastes the contents of the start-up file into it, and also inserts a new line into it. (The macro is deliberately designed so as not to modify your actual start-up file, as this would have a disastrous effect: instead it makes the copy and modifies that instead). The new line added would be executed the next time you restarted your computer, and would then render it unusable, as it deletes a file without which your computer cannot start. Your only solution would be to find another version of that file, or format (wipe) your hard disk completely and reinstall all your programmes, something which would mean you lost all your data and would cost you an inordinate amount of time. The file output by the example macro in this document has been saved on the root of your hard disk under the name of "MacroVautoexec.txt", which you can open from within any word processor. It is quite safe to delete this file.

Macro Virus Prevention
When users exchange information, they spread viruses: this is how viruses propagate. For example, if you send any e-mail with an attached file, or copy a file onto a floppy disk and give it to someone you could potentially be spreading a virus. Macro viruses are easier than most to detect, due to the fact that when you open a document with an embedded macro, Word asks you whether you would like to enable macros. If you have even the faintest suspicion that the document might contain a harmful macro, simply disable macros. Make sure that the "Always ask before opening documents with macros or customizations" is ticked, as this is your only real protection against macro viruses. An up to date virus checker is advisable, as these can detect some macro viruses, (although not all, as more are being written all the time). These are available from various companies: I recommend Network Associates (owners or Dr. Solomon's, McAfee and so on). Their web address is http://www.mcafee.com/ (McAfee).

The Word document, when you open it, will first tell you that the document has been reserved by me. It is pass-worded against modification to make it difficult for people to modify this warning maliciously. Click open as "Read-Only". Word will then ask you whether you want to enable macros in the document. This is entirely up to you. The macro embedded will not damage your computer in any way: it will simply create a file on your hard disk which can safely be deleted. Also, if you enable the macro, the document will open and you will see a message in large red letters. Scroll up from this to the top of the document to read the information about macro viruses (it's as in these pages). If you decide to disable macros in the document because you don't trust this e-mail (and I don't blame you), then you will still be able to read the information contained in the document. For those who cannot open Word documents (or are really cautious), I have provided the RTF file. This contains no macro, but can be opened in most popular word processors.

General Advice on Viruses

Macro Viruses

E-mail Viruses (& Hoaxes)

Notes & Disclaimer

Links

Macro Viruses

A brief synopsis of what they are, and what they are capable of. Visual Basic macros are currently some of the most powerful and widespread viruses.

If you use Microsoft Word 95 or later, this is a must read.

E-mail Viruses

Many "virus warnings" get forwarded around the net... However: which ones are true, and which are just hoaxes?

Find out what viruses can actually spread to your computer from e-mails.

General Advice

There are many things you can do to avoid having the problems of a virus on your computer system.

Here is some general advice on virus prevention, mostly to do with the Internet.

Notes & Disclaimer

Here are a few notes on the documents that are on this site, and those that are downloadable.

Also, please read the disclaimer here: it involves limitation of liability on my part on your usage of the information provided here.

Links

Some general links to different virus checker software companies, other information on viruses, and sites which provide up to date information on viruses which are new.