T 5.43 Macro viruses

When files are exchanged (e.g. using data media or by email), there is a risk that other macros connected to the document or embedded editor commands are also transferred or transmitted in addition to the actual file itself (text file, spreadsheet etc.). These macros can only be executed when editing the document in the relevant application program (Winword, Excel etc.) when the document is processed, either through activation by the user or because the macro starts automatically. If a document is received using a WWW browser which automatically opens the document, a macro or auto-macro may be activated.

Since macro languages have a large, complex command set, there is always a danger that a document contains a macro that causes damage (e.g. a virus).

In practice, the threat posed by this danger has risen significantly all over the world, especially for files of the programs Word for Windows or Excel from Microsoft. For a user, it is not clear that Word template files (*.DOT), which can contain macros, can be renamed to *.DOC files that then appear as ordinary document files not containing any macros. However, Microsoft Word processes these kinds of files in nearly the same manner without providing any information on this fact (exception: Winword for Windows Version 7.0a and higher).

Of all virus infections reported nowadays, Word macro viruses are the number one type of virus reported. It must be noted that macro viruses can infect all operating systems that can run Winword (Windows Version 3.1 and 3.11, Windows 95, Windows NT and Apple computers).

Example:

• The Winword macro virus "Winword.Nuclear" was spread over the Internet via the file WW6ALERT.ZIP. This macro virus causes the text "STOP ALL FRENCH NUCLEAR TESTING IN PACIFIC!" to be appended to all printouts, but it also attempts to delete system files.