Macro viruses

Question: I’ve been looking round, (having just received a disk with my third Macro Virus in five days), and the best source of information I’ve found is the Dr Solomon’s site. Sometimes more harm is caused by false alerts, “joke” alerts or by panic measures, than by viruses themselves.  Macro viruses live in the executable “macro” code that allows word processors and spreadsheets to be customized and programmed. Like almost all executable code these can contain virus infections which can spread themselves to other files. Some are harmless, some irritating, some deadly – it depends on the “payload”. When a virus payload detonates almost anything can happen. Apart from the normal corruption, deletions and disk formatting tricks, macro viruses can also globally replace text strings, insert text, or password protect files. Changed strings or inserted text can be difficult to find, and the password trick is also quite nasty since you won’t spot it until you open the file later. Only the virus knows the password.

Getting rid of macro viruses is a matter of finding out where they live and removing them. The virus software can repair the infected files but sometimes other actions are necessary – in particular if the document templates or program preferences have been altered. If you look at the virus encyclopedia you can get specific advice for each type of virus. In my experience there’s Dr Solomon and the rest. The others either generate too many false alerts and/or are good on some releases but don’t keep up. The only time we’ve had an alert that was not generated from Dr. Solomon’s was when it was a false warning, and we’ve had files from systems protected with most of the other offerings, that turned out to be infected but hadn’t been spotted till we ran our Dr. S. on them. If I sound like a fan it’s because I am. This software has saved our systems on several occasions, and the support I’ve received from Dr. Solomon’s is among the best I’ve had. On June 9, 1998 McAfee (then Network Associates) agreed to acquire Dr Solomon’s Group P.L.C, the leading European manufacturer of Antivirus software, for $642 million in stock.

Either way: if you don’t have a virus scanner and take files from other systems or the net your systems are at risk. Modern viruses being what they are you might not know that your system has one till months later. But if you’re not checking you’re not alone. The last few viruses to pass through our systems were from:

  • a major International company.
  • a university famous for its computer science department.
  • a large software house (this one was on an issue disk).
  • an EU department concerned with hi-tech.

If that little list doesn’t make you uneasy then you already have a scanner. Otherwise I earnestly suggest you get one.

Answer 1: Another excellent site for information on so called “joke” alerts is the Computer Virus Myths home page. It looks a little flippant on very first sight but it gives calm-headed info on scare stories and chain letters, which seem to be an increasing problem (again).

Answer 2: Thanks for the pointer – an interesting site. I know what you mean by “again”. I first came across a hoax virus in 1988 – a “Good Times” prototype – and I’ve had to reassure at least one company every six months since, that there isn’t no such beast!

Leave a Reply

Your email address will not be published.

Notify me of followup comments via e-mail.