Macro virus es are computer viruses that do not exist as standalone (and compiled) code, but in the form of a macro. A macro is a part of a program and can be embedded in a document. For example, a Word document may contain a macro that automates certain operations in Word and takes work away from the user. A macro virus is programmed to embed itself in other documents and call malicious functions, for example by changing text in Word files or deleting arbitrary files on the hard disk.
The vast majority use Microsoft’s imperative macro languages VBA or VBS for this purpose. Since VBA and VBS directly target the manipulation of files, the threat potential of macro viruses is correspondingly high.
Mostly, the goal is to infect the standard template (in Word: “normal.dot”), since this is automatically loaded with every program start and the virus thus automatically becomes active as well. All newly created documents are infected with this virus and it reaches the highest possible spread.
A certain degree of protection is provided by up-to-date anti-virus programs and caution when exchanging data.
Programs that are attacked include: Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Access, AmiPro, CorelDraw and StarOffice/OpenOffice.org.
Reactions from Microsoft: Macro viruses as of MS Office 2007
Due to the introduction of the new XML-based MS Office formats from 2007 onwards, macros can no longer be executed in files with the suffixes XLSX, DOCX, PPTX etc.. The documents that can contain macros have an “M” instead of an “X” in the suffix and are also recognizable by a clearly visible exclamation mark in the file icon. In addition, the execution of macros is deactivated after the initial installation of MS Office and must be activated manually.
- Definition of macro viruses in the lecture “Macro Virus Identification Problems” by Vesselin Bontchev(Memento of 23 August 2014 in the Internet Archive)