Wednesday, June 07, 2006

what is a macro virus?

a macro virus is a virus written in a macro programming language (a programming language for embedding simple programs within documents)...

most (but not all) macro viruses are written to operate in microsoft applications such as word or excel or powerpoint... these macro viruses contain one or more macros with the same name as a macro that is built into the microsoft application they're running under... then, when the ms application tries to execute it's own macro it finds the one in the document first and executes it (which makes it kind of like a companion infection technique)... since the applications in question have macros for all kinds of standard functions (like file->save or file->open) macro viruses don't have any trouble getting executed...

although it is often said that macro viruses infect documents this does not mean it's a type of virus that infects data... for one thing word/excel/powerpoint (OLE2) documents are not pure data - they're more like little file systems that contain both data and (macro) programs, not unlike your C: drive... so when someone says "my document is infected with a virus" it's comparable to the colloquialism "my computer is infected with a virus"... also, technically what a macro virus is infecting is another macro...

additionally, the operating system that uses those little file systems is the ms application that opens the document - that's why macro viruses can often operate on both windows and macs without being classified cross-platform... whether it's a windows machine or a mac machine a word macro virus runs on the ms word platform...

back to index

0 comments: