What’s a macro? It’s a small program that runs within a bigger program to automate a task (usually a complex or time-consuming task) on a user’s behalf. Macros are written in a programming language designed to work within their broader environment. For example, macros for Microsoft Office are currently written in Visual Basic for Applications (VBA), and Microsoft Word and Microsoft Excel are two widely used programs that are capable of executing macros. Now, what is a macro virus?

Macro viruses add their code to the macros associated with documents, spreadsheets and other data files. A macro virus infects a software program and causes a series of actions to begin automatically when the program is opened. Viruses written for these programs can spread by infecting other related documents each time the document is opened. Because these files are commonly used and sent through e-mail, a computer network can be quickly infected by these viruses. In fact, macro viruses may come from documents attached to emails, or the code may be downloaded after clicking on “phishing” links in banner ads or URLs. They are difficult to detect, as they do not operate until an infected macro is run, at which time they perform a series of commands. If the virus is sent through email spam, it often automatically sends itself to everyone in that user’s address book.

 

 

Types of Macro Viruses 

  • Concept Virus: Concept was the first macro virus. It appeared in July 1995 and targeted Microsoft Word.
  • Melissa Virus: Melissa made history as the first macro virus with an email worm trait. It started spreading via email on March 26, 1999, infecting tens of thousands within hours.

Source: kaspersky.com

 

 

How Do We Know If We Have a Macro Virus? 

A macro virus can corrupt data, create new files, move text, format hard drives, send files, and insert pictures. Names associated with macro viruses include AutoOpen, FileSaveAs, Payload, NORMAL.DOT, and more.

If you see the following, you should consider the possibility that a macro virus is on your computer and is sabotaging it:

  • Displaying strange messages in a dialog box.
  • Unusual or unexplained behavior when using a program. For example, you might be prompted for a password when opening a file that has never needed a password before. You might also see documents suddenly saved as templates, too.

Source: lifewire.com

 

 

Examples of Macro Viruses 

  • Macro.Concept: This is the most common macro virus. A message box with the text “1” appears on the screen when an infected document is opened. Select Tools|Macros and then check the list of macros. If it contains AAAZFS, AAAZAO, AutoOpen, Payload and FileSaveAs, the Microsoft Word system is infected.
  • Macro.Nuclear: Nuclear is similar to the Concept virus; however, all macros in Nuclear are protected in such a way that they cannot be viewed or edited. An infected NORMAL.DOC contains nine macros named AutoExec, AutoOpen, DropSuriv, FileExit, FilePrint, FilePrintDefault, FileSaveAs, InsertPayload and PayLoad.
  • Macro.Colors: This virus contains the following macros: AutoOpen, AutoClose, AutoExec, FileNew, FileExit, FileSave, FileSaveAs, ToolsMacro, and others. AutoOpen does not contain code. Possibly, it was written to clear any AutoOpen code that may have been added by an antivirus program.
  • Macro.Hot: This virus creates an entry in the WINWORD6.INI configuration file which contains a “hot date.” This “hot date” is 14 days from the current date, which is when the virus will trigger. The virus can activate randomly within a few days of the “hot date” to erase the contents of a document when it is opened.
  • Macro.DMV: This macro virus is actually a Trojan horse and does not replicate itself. It simply formats the C: drive when an infected document is opened. It was posted to a Usenet newsgroup.

This section is abbreviated from safenet-inc.com
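The manual check described for Macro.Concept (reading the Tools|Macros list and comparing it with known names) can be scripted. The Python sketch below is an added example, not code from the original article or its sources; the `triage` function, the `GENERIC` set and the sample lists are assumptions made for illustration. It treats auto macros and built-in command overrides as weak evidence on their own, because legitimate templates use those names too.

```python
# Macro names per family, copied from the article's list above.
SIGNATURES = {
    "Macro.Concept": ["AAAZFS", "AAAZAO", "AutoOpen", "Payload", "FileSaveAs"],
    "Macro.Nuclear": ["AutoExec", "AutoOpen", "DropSuriv", "FileExit", "FilePrint",
                      "FilePrintDefault", "FileSaveAs", "InsertPayload", "PayLoad"],
    # The article's Colors list ends with "and others", so this set is incomplete.
    "Macro.Colors": ["AutoOpen", "AutoClose", "AutoExec", "FileNew", "FileExit",
                     "FileSave", "FileSaveAs", "ToolsMacro"],
}

# Auto macros and built-in command overrides. Legitimate templates use these
# names too, so they are weak evidence unless the whole set is present.
GENERIC = {"autoopen", "autoclose", "autoexec", "filenew", "fileexit", "filesave",
           "filesaveas", "fileprint", "fileprintdefault", "toolsmacro"}


def triage(macro_names):
    """Compare observed macro names with each family's list, ignoring case."""
    seen = {name.strip().lower() for name in macro_names}
    families = {}
    for family, names in SIGNATURES.items():
        signature = {n.lower() for n in names}
        hits = signature & seen
        if hits == signature:
            verdict = "full match"
        elif hits - GENERIC:          # at least one family-specific name
            verdict = "partial match"
        else:
            continue                  # only generic names: not enough to flag
        families[family] = {
            "verdict": verdict,
            "matched": sorted(hits),
            "coverage": round(len(hits) / len(signature), 2),
        }
    return families


# Constructed samples: names as they might appear in the Tools|Macros list.
SAMPLE_INFECTED = ["AAAZAO", "AAAZFS", "AutoOpen", "FileSaveAs", "PayLoad"]
SAMPLE_BENIGN = ["AutoOpen", "FormatReport"]

if __name__ == "__main__":
    for label, sample in (("infected", SAMPLE_INFECTED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(sample))
```

The constructed infected sample fully matches Macro.Concept and partially matches Macro.Nuclear, because both lists include a macro named Payload.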

 

 

How Can I Avoid Getting This Virus?

There are several key ways in which you can lower your chances of being re-infected with a macro virus:

  1. The best way to stay safe from macro viruses is not to run them. So, in recent versions of Office, Microsoft has changed its default settings: now, if you open a file containing a VBA macro, the file will open but the macro will be disabled. By default, you’re shown a message informing you of this and giving you the option to enable the macros in that file if you’re confident they are safe.
  2. Don’t instantly open emails or email attachments unless you are expecting an attachment from someone via email.
  3. Keep your anti-malware software and malware protection updated.
  4. Always confirm the legitimacy of the source of the programs and apps you download.
  5. Malware can infect your computer through the suspicious websites you might accidentally access.
  6. Don’t click on banner ads. Also, if a site inundates you with pop-up advertisements, leave the site immediately.

Source: sophos.com  and  lifewire.com

 

You can learn more about these viruses here.

 

 

 

———————————

Sources:

kaspersky.com

lifewire.com

safenet-inc.com

sophos.com