Macro Viruses

Macro viruses are computer virus that uses an application's macro to distribute themselves. Since they are dependent on the application rather than the operating system they are able to affect different platforms such as windows and Macintosh. A famous example of Macro viruses is the Melissa virus which Wikipedia states (http://en.wikipedia.org/wiki/Melissa_(computer_worm)) was found in 1999 March 26 in an word document . It operates off MS word 19, 200 and even outlook 97 and 98. Designed to propagate via mass email, it clogs mail systems with infected email and overloaded servers.

Prevention is better than cure; here are some tips that may help in identifying or preventing such macro viruses:

Firstly, opening the file indirectly, by inserting it into a new file, will enable you to view the macros of the document without activating them. Access the list of macros in the suspicious document and look for unfamiliar or suspicious macros such as AAAZAO, AAAZFS, AutoOpen, FileSaveAs, and PayLoad. Either delete these macros or simply delete the document if possible. If the data contained is of importance, one can simply copy the contents and paste it in another file.

Another method is to open the file while holding the Shift key. Opening a document or template (or pressing SHIFT when you start Word) prevents any auto macros from running. If a macro virus is present, it will not be loaded. Once the document is loaded, simply select copy from edit, start a new document and select paste.

Microsoft has released a new version of its macro virus protection program that checks all word documents as you open them and tells you if they contain a macro. However, you may still use the Organizer to check for strange macros or if the macro command is unresponsive. Organizer opens a document in the background without running attached macros and allows you to view the macros. You may also use it watch for activity when opening or saving a document but checking a document before opening it is still recommended.( http://www.emergency.com/wordvrus.htm)

Below is a list of some current Macro Viruses:

Concept (Prank) Macro Virus

Nuclear Macro Virus

Colors Macro Virus

FormatC Macro Virus

And lastly: Recent attack via Word flaw

Description from (http://www.securityfocus.com/brief/213)

“A U.S. company is among the apparently small number of victims specifically targeted by a malicious group using a previously unknown vulnerability in Microsoft Word.

The attack--first brought to light by the handlers at the SANS Institute's Internet Storm Center (ISC)--consists of an e-mail message sent to a small number of individuals in the targeted company. Each message carries a Word attachment and, so far, only two subject lines have been seen: "Notice" and "RE Plan for final agreement.”