O'Reilly logo

Malicious Mobile Code by Roger A. Grimes

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Detecting Macro Viruses

Macro viruses, because they are contained in frequently shared datafiles, are good at spreading, and this accounts for the reason why they are currently the most popular malicious mobile code type on the planet. However, there are dozens of symptoms, beyond your virus scanner going off, that should make you suspect a macro virus. Most of these apply to Word macro viruses, but others apply to any type.

Macro Warnings

Most of the newer versions of Office (97 and later) will warn you if a document, workbook, or datafile contains macros with the following message:

C:\<path>\<filename> contains macros. Macros may contain viruses. It is always safe to disable macros, but if the macros are legitimate, you might lose some functionality.

Tip

Office 2000’s default security level, High, will disable macros and not display a warning.

Office then offers to disable the macros by default. A use need only hit Enter or accept the default action to disable the macro virus. Most people do not utilize files with macros, and thus, such a warning usually means a virus is present. If more end users understood the importance of this warning, macro viruses would not be the problem they are today. If you see a macro warning, you are probably opening an infected document unless your normal Office environment includes macros.

Ways viruses can get around macro warnings

Unfortunately, there are many ways a virus can get around Office’s inspection of macros. Some are caused by technology ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required