Macro virus

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computing terminology, a macro virus is a virus that is written in a macro language: that is to say, a programming language which is embedded inside a software application (e.g., word processors and spreadsheet applications). Since some applications (notably, but not exclusively, Microsoft Office) allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, this provides a distinct mechanism by which malicious computer instructions can spread. (This is one reason it can be dangerous to open unexpected attachments in e-mails.) Many modern antivirus programs detects macro viruses as well as other types.


A macro is a series of commands and actions that help to automate some tasks - effectively a program but usually quite short and simple. However they are created, they need to be executed by some system which interprets the stored commands. Some macro systems are self-contained programs, but others are built into complex applications (for example word processors) to allow users to repeat sequences of commands easily, or to allow developers to tailor the application to local needs.


A macro virus can be spread through e-mail attachments, removable media, networks, modems, and the Internet and is notoriously difficult to detect.[1] Uninfected documents contain normal macros. Most malicious macros start automatically when a document is opened or closed. A common way for a macro virus to infect a computer is by replacing normal macros with the virus. The macro virus replaces the regular commands with the same name and runs when the command is selected. In the cases where the macro is run automatically, the macro is opened without the user knowing.[2]

Once the application opens a file that contains a macro virus, the virus can infect the system. When triggered, it will begin to embed itself in other documents and templates, as well as future ones created. It may corrupt other parts of the system as well, depending on what resources a macro in this application can get access to. As the infected documents are shared with other users and systems, the virus will spread. The macro virus has also been known to be used as a way of installing software on a system without the user's consent as it can be used to look up software and web pages on the internet, go through with downloading and installing the software through the use of automated key-presses etc.; however, this is uncommon as it is usually un-fruitful for the virus coder since the installed software is usually noticed and uninstalled by the user.

A well-known example of a macro virus is the Melissa Virus from 1999. Anyone who opened a document with the virus in Microsoft Office would 'catch' the virus. The virus would then send itself by email to the first 50 people in the person’s address book. This made the virus replicate at a fast rate.[3]

Since a macro virus depends on the application rather than the operating system, it can infect a computer running any operating system to which the targeted application has been ported. In particular, since Microsoft Word is available on Macintosh computers, word macro viruses can attack these as well as Windows platforms.[1]

The macro virus can be avoided by exercising caution when opening email attachments and other documents. Not all macro viruses can be detected by antivirus software.


  1. ^ a b "Frequently Asked Questions: Word Macro Viruses". Microsoft. Retrieved 2006-06-18. 
  2. ^ "Information Bulletin: Macro Virus Update". Computer Incident Advisory Capability. Retrieved 2006-06-18. 
  3. ^ "How Computer Viruses Work". How Stuff Works inc. Retrieved 2006-06-18. 

Further reading[edit]