In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a language built into a software application such as a word processor. Since some applications (notably, but not exclusively, the parts of Microsoft Office) allow macro programs to be embedded in documents, so that the programs may be run automatically when the document is opened, this provides a distinct mechanism by which viruses can be spread. This is why it may be dangerous to open unexpected attachments in e-mails. Modern antivirus software detects macro viruses as well as other types.
A macro is a series of commands and actions that help to automate some tasks - effectively a program but usually quite short and simple. However they are created, they need to be executed by some system which interprets the stored commands. Some macro systems are self-contained programs, but others are built into complex applications (for example word processors) to allow users to repeat sequences of commands easily, or to allow developers to tailor the application to local needs. The step which has made some applications susceptible to macro viruses was to allow macros to be stored in the very documents which are being edited or processed by the application. This makes it possible for a document to carry a macro, not obvious to the user, which will be executed automatically on opening the document.
A macro virus can be spread through e-mail attachments, discs, networks, modems, and the Internet and is notoriously difficult to detect. Uninfected documents contain normal macros. Most malicious macros start automatically when a document is opened or closed. A common way for a macro virus to infect a computer is by replacing normal macros with the virus. The macro virus replaces the regular commands with the same name and runs when the command is selected. In the cases where the macro is run automatically, the macro is opened without the user knowing.
Once the application opens a file that contains a macro virus, the virus can infect the system. When triggered, it will begin to embed itself in other documents and templates, as well as future ones created. It may corrupt other parts of the system as well, depending on what resources a macro in this application can get access to. As the infected documents are shared with other users and systems, the virus will spread. The macro virus has also been known to be used as a way of installing software on a system without the user's consent as it can be used to look up software and web pages on the internet, go through with downloading and installing the software through the use of automated key-presses etc.; however, this is uncommon as it is usually un-fruitful for the virus coder since the installed software is usually noticed and uninstalled by the user.
A well-known example of a macro virus is the Melissa Virus from 1999. Anyone who opened a document with the virus in Microsoft Office would 'catch' the virus. The virus would then send itself by email to the first 50 people in the person’s address book. This made the virus replicate at a fast rate.
Since a macro virus depends on the application rather than the operating system, it can infect a computer running any operating system to which the targeted application has been ported. In particular, since Microsoft Word is available on Macintosh computers, word macro viruses can attack these as well as Windows platforms.
The macro virus can be avoided by exercising caution when opening email attachments and other documents. Not all macro viruses can be detected by antivirus software.
Common macro viruses
- Microsoft Corporation. (2006). Introduction to Security.[dead link] Retrieved June 18, 2006
- The Trustees of Indiana University. (2006). What are computer Viruses, Worms, and Trojan Horses? Retrieved June 18, 2006
- Macro Viruses from Security News & Information