Macro
Viruses
Introduction
Macro Viruses are one of the biggest threats to corporate entities today. Any
business using Microsoft Word 95/97 faces the risk of an extremely powerful
macro being sent to them encoded in a word document, which can then cause
havoc. Recently there has been a large amount of publicity about a macro virus
named "Melissa", this is exactly the kind of danger any Word user faces.
Therefore, please take the time to read this document.
Originally,
macros were a feature that allowed a user to, for example, press a certain key
combination and their address would appear on the page. With the evolution of
software, and the consequent overlap between programming tools, word
processors, and desktop publishers, macros now have an enormous number of
commands: as many, in fact, as the application itself. Nearly all of Microsoft
Word's commands can be executed by a macro. This means that files can
be opened, modified, and then saved by the macro. This is not limited to Word
files, but includes important system files vital for the function of your
computer. Any programmer with knowledge of Visual Basic can easily write a
macro, one that can seriously harm your computer.
About
the Document
You can download an example document here.
The following is what is contained in it. This document is designed to alert
you to the possibilities and capabilities of macro viruses: embedded in it is a
macro that opens one of your start-up files (that is, one of the files your
computer runs every time it starts), and copies it. It then closes it and
creates a new text file, pastes the contents of the start-up file into it, and
also inserts a new line into it. (The macro is deliberately designed so as not
to modify your actual start-up file, as this would have a disastrous effect:
instead it makes the copy and modifies that instead). The new line added would
be executed the next time you restarted your computer, and would then render it
unusable, as it deletes a file without which your computer cannot start. Your
only solution would be to find another version of that file, or format (wipe)
your hard disk completely and reinstall all your programmes, something which
would mean you lost all your data and would cost you an inordinate amount of
time. The file output by the example macro in this document has been saved on
the root of your hard disk under the name of "MacroVautoexec.txt", which you
can open from within any word processor. It is quite safe to delete this file.
Macro
Virus Prevention
When users exchange information, they spread viruses: this is how viruses
propagate. For example, if you send any e-mail with an attached file, or copy a
file onto a floppy disk and give it to someone you could potentially be
spreading a virus. Macro viruses are easier than most to detect, due to the
fact that when you open a document with an embedded macro, Word asks you
whether you would like to enable macros. If you have even the faintest
suspicion that the document might contain a harmful macro, simply disable
macros. Make sure that the "Always ask before opening documents with macros or
customizations" is ticked, as this is your only real protection against macro
viruses. An up to date virus checker is advisable, as these can detect some
macro viruses, (although not all, as more are being written all the time).
These are available from various companies: I recommend
Network Associates (owners or Dr. Solomon's, McAfee and so on). Their
web address is http://www.mcafee.com/ (McAfee).
Download
the Example File
There are two files:
-
A Microsoft Word
97 (version 7.0), document "macroexample.doc", which contains a macro I created
to demonstrate some of the capabilities of Word macros. It also contains
information about macro viruses and their prevention.
-
A Rich Text File
(RTF), "macroexample.rtf", which has all the information that the Word document
has, except for the example macro, and that should be readable by most other
word processors.
The Word
document, when you open it, will first tell you that the document has been
reserved by me. It is pass-worded against modification to make it difficult for
people to modify this warning maliciously. Click open as "Read-Only". Word will
then ask you whether you want to enable macros in the document. This is
entirely up to you. The macro embedded will not damage your computer in any
way: it will simply create a file on your hard disk which can safely be
deleted. Also, if you enable the macro, the document will open and you will see
a message in large red letters. Scroll up from this to the top of the document
to read the information about macro viruses (it's as in these pages). If you
decide to disable macros in the document because you don't trust this e-mail
(and I don't blame you), then you will still be able to read the information
contained in the document. For those who cannot open Word documents (or are
really cautious), I have provided the RTF file. This contains no macro, but can
be opened in most popular word processors.
Word
97 Document (69.2 KB)
RTF Document (14.0 KB).
General
Advice on Viruses
Macro
Viruses
E-mail
Viruses (& Hoaxes)
Notes
& Disclaimer
Links
|
Macro
Viruses
A brief synopsis
of what they are, and what they are capable of. Visual Basic macros are
currently some of the most powerful and widespread viruses.
If you use
Microsoft Word 95 or later, this is a must read.
E-mail
Viruses
Many "virus
warnings" get forwarded around the net... However: which ones are true,
and which are just hoaxes?
Find out what
viruses can actually spread to your computer from e-mails.
General
Advice
There are many
things you can do to avoid having the problems of a virus on your computer
system.
Here is some
general advice on virus prevention, mostly to do with the Internet.
Notes
& Disclaimer
Here are a few
notes on the documents that are on this site, and those that are downloadable.
Also, please read
the disclaimer here: it involves limitation of liability on my part on your
usage of the information provided here.
Links
Some general
links to different virus checker software companies, other information on
viruses, and sites which provide up to date information on viruses which are
new.
|
|