Macro Virus
What is a Macro Virus
A Macro is an instruction that carries out program commands automatically. Programs like Word Processing, Spreadsheet and slide presentation make use of macros. If a user unwittingly runs a macro virus, it can then copy itself into that applications start-up file. The computer is now infected. Meaning any document on that machine using the same infected program will be infected.
If the infected computer connects to the Internet or Network, the infection is likely to spread quickly to anyone else by email, floppy disk, CD-ROM. The infection will only end if or when the virus is detected and removed.
Macro viruses are the most common type of viruses. Prior to the macro virus era, creating a virus required some knowledge of assembly language or other complex programming languages. Today, almost anyone can write a macro virus using the macro language, which uses English-like commands.
Some dangerous things a Macro Virus can do besides simply spreading might be to delete/change document contents, change settings in the Word environment, set a password, delete files, copy a DOS Virus to the user’s system or insert harmful lines into the config.sys or autoexec.bat files.
A Macro Virus can be called stealthy when it tries to trick the user into believing it is not present, or makes changes in Word for example in order to protect itself from being deleted.
If the user believes he has a virus, he can use the Tools|Macro command in the menu to see what macros are present in the system, and the viral macros would be revealed. One not so subtle stealth technique would be to simply delete the command from the menu and therefore make it hidden and unusable.
A Macro Virus could also simply hide the functions of the Tools|Macro command by making nothing happen when the user selects it. With a macro, the virus writer can make custom dialogue boxes and can use this to trick the user. For example a Macro Virus could make a custom dialogue box appear when the user selects Tools|Macro that makes it appear that there are no strange macros present.
An infamous one was the Melissa Macro Virus which infected Win97 and Win2000 and carried instructions to email itself to 50 other people in the infected persons address book. It Modifies MS Word settings and infects documents and templates,Could e-mail sensitive documents, May crash e-mail server’s.
Melissa was different from other macro viruses because of the speed at which it spread. The first confirmed reports of Melissa were received on Friday, March 26, 1999. By Monday, March 29, it had reached more than 100,000 computers. Some sites had to take their mail systems off-line. One site reported receiving 32,000 copies of mail messages containing Melissa on their systems within 45 minutes. Melissa was relatively non-destructive and easily detected. Although variants could be significantly more destructive or stealthy.
The Melissa virus caused at least $80 million in damage to computers worldwide. David Smith pleaded guilty to having created the virus, one of few instances in which authorities were able to catch a virus’s author.