Macro Virus Technologies

This section of the chapter will cover how macro viruses work and the different technologies they use to spread. I will give more coverage to Word and Excel viruses because they represent the vast majority of macro viruses in the wild. Viruses for Access, PowerPoint, Corel Draw, etc. spread using similar concepts with different replication approaches and macro commands.

Word Infections

When Word opens any document, it looks for macros included in the document or its associated template. All macros are loaded into memory, and any automacros are executed if security settings allow it. If the document or template contains any macro viruses, they can infect other documents and templates, including the global template. Word is now infected, and any new documents created are infected by default (see Figure 5-10).

Figure 5-10. Word macro virus infection pathway

Typically, menu options are rewritten by malicious macros to help the infection process. For example, a macro with the name FileSave will allow a programmer to redirect what happens when a Word user chooses File → Save from the menu bar. In most cases, it will trigger the virus to infect the new document during the saving process. In earlier versions of Word, macros could only be saved in templates. When the virus infected the document, Word automatically detected the macros and prompted the user to save the document ...
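The automacros and command-name macros described above are the hooks a defender looks for when triaging macro source extracted from a document. The following Python check is an added example, not code from the book; the function name `triage_macro_source`, the (partial) name lists, and the benign sample module are constructed for illustration.

```python
import re

# Macro names Word runs automatically, plus their VBA document-event equivalents.
AUTO_MACROS = {"autoexec", "autoopen", "autoclose", "autonew", "autoexit",
               "document_open", "document_close", "document_new"}
# Built-in Word command names: a macro with one of these names replaces the
# menu command. Partial list, chosen for this example.
COMMAND_OVERRIDES = {"filesave", "filesaveas", "fileopen", "fileclose",
                     "filenew", "fileprint", "fileexit", "toolsmacro"}
# Tokens that suggest code touching the global template or copying macros.
REPLICATION_HINTS = ("normaltemplate", "macrocopy", "organizercopy")

# Matches "Sub Name", "Private Sub Name", "Function Name", case-insensitively.
SUB_RE = re.compile(
    r"^\s*(?:(?:public|private)\s+)?(?:sub|function)\s+([A-Za-z_]\w*)", re.I)

def triage_macro_source(source):
    """Return (line_number, category, name) findings for one macro module."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        match = SUB_RE.match(line)
        if match:
            name = match.group(1)
            if name.lower() in AUTO_MACROS:
                findings.append((lineno, "automacro", name))
            elif name.lower() in COMMAND_OVERRIDES:
                findings.append((lineno, "command-override", name))
        # Comments are scanned too: a false positive is cheaper than a miss.
        lowered = line.lower()
        for hint in REPLICATION_HINTS:
            if hint in lowered:
                findings.append((lineno, "replication-hint", hint))
    return findings

# Constructed, benign sample module (not taken from any real virus).
SAMPLE = '''\
Sub AutoOpen()
    MsgBox "opened"
End Sub

Private Sub FileSave()
    ActiveDocument.Save
    Debug.Print NormalTemplate.FullName
End Sub

Sub FormatReport()
    Selection.Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for finding in triage_macro_source(SAMPLE):
        print(finding)
```

A hit is a reason to review the module, not a verdict: legitimate templates also define AutoOpen or FileSave macros.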
