Macro virus

Definitions

A macro virus is

“

[a] specific type of computer virus that is encoded as a macro embedded in some document and activated when the document is handled.[1]

”

“

[a] program or code segment written in the application's internal macro language. Some macro viruses replicate or spread; others simply modify documents or other files on the user's machine without spreading.[2]

”

“

[a] type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.[3]

”

“

[a] virus attached to instructions (called macros) which are executed automatically when a document is opened.[4]

”

Overview

Macro viruses are the most prevalent and successful type of virus. These viruses attach themselves to application documents, such as word processing files and spreadsheets, and use the application's macro programming language to execute and propagate.^[5] Macro viruses use the macro programming capabilities that many popular software packages, such as Microsoft Office, use to automate complex or repetitive tasks.

These viruses tend to spread quickly because users frequently share documents from applications with macro capabilities. In addition, when a macro virus infection occurs, the virus infects the template that the program uses to create and open files. Once a template is infected, every document that is created or opened with that template is also infected. The Concept, Marker, and Melissa viruses are well-known examples of macro viruses.

References

1. NIST Special Publication 800-28, ver. 2.
2. A Good Decade for Cybercrime, at 10.
3. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
4. Good Practice Guide for Computer-Based Electronic Evidence, at 57.
5. NIST, Computer Security Incident Handling Guide (NIST Special Publication 800-61, rev. 1) (Mar. 2008) (full-text).