The Macro And Macro Virus Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In our paper about macro virus, we introduce macro and macro virus some concepts. It mainly includes propagation mechanism, some typical symptoms to talk about how to distinguish whether your system is infected with virus. By searching related books, Internet and some other materials, we also find out two famous macro virus cases: Concept Virus and Melissa Virus. Then we analyze macro virus risks and reasons why it is risky for us. Last we talk about the current countermeasures of this kind of virus. There are three methods: automatic removal, manual removal and Microsoft office protections. We also comment each kind of removing macro virus measures.


Many applications provide the functionality to create macros. Macro is a series of commands to perform some application-specific task. Macros are designed to make life easier, for example to perform some everyday tasks like text formatting or calculations in spreadsheets. [1]

The macro viruses reside in macros and use "macro instructions" to perform unintended and sometimes damaging actions. As the macros reside in documents the macro viruses are document-based. They generally reside in word processing documents, spreadsheets and presentation files. The macro virus attacks a document by inserting a copy of itself into the file.

Macro viruses can be stored in files with any extension and can spread via file transfer or even by e-mail. As the documents are now being widely shared through networks and over the Internet, the document-based viruses have become more prevalent. The macro viruses reside in data files without knowledge of the user and may execute upon some user actions or even without manual triggering by the user. [12]

Typical Symptoms

Any operating system can be infected by a macro virus, even Macs, as long as there is Microsoft Office installed in the system. The computer infected by a macro virus when user open any document or template that has a macro virus attached to it. As soon as the document is opened, the virus runs, corrupts files, and copies itself into other documents. The symptoms listed below are typical symptoms which can be used for identifying whether the system has been infected by a macro virus.

Receiving unusual or unexpected messages when you open a document or template. For example: "This one's for you, Bosco."

The file type of the document changes to the template format without your knowledge. For example: instead of saving your file as a .doc it changes to a .dot format.

When going to the "Save As" command in the application, the only available option is the ".dot" format.

Under the Tools menu, the Macro or Customize commands are no longer available. There may be strange macro names listed under the Normal Template such as "Payload," "AutoOpen," or "AAAZFS."

You are prompted to enter a password for a document that you never password protected.

Unusual changes in your document. The macro virus may insert the word "WAZZU" at random locations.

Receiving a virus rejection message from the email server when you try to send a Word document. [3]

Famous Macro Viruses

There are many kinds of Macro Viruses in the real world. Set the two below as examples to indicate how dangerous the macro viruses could be. The Concept Virus is the first macro virus. It has shown the potential threat of macro virus. The Melissa Virus is not designed to do harm to operating systems, but it overloaded the mail server.

Concept Virus

Concept was the first macro virus for MS Word that became widely dissimulated. It has taken the whole would by surprise. AV vendors were totally unprepared to this type of threat and before they catch up Concept became one of the most widely distributed viruses in history. It is functional in MS word 6.0 and Word 95. It spread via infected attachments. These attachments or files are regular MS Word documents that contain additional macros of the MS Word Concept virus. This virus is able to spread because the user sending the attachment across the network doesn't know that it is infected. The result is the recipients become infected just by opening the attachment or file on their PC when using MS Word.[18] The macro in the template copies the virus to the master template on the system and every Microsoft Word document passing through the "Word processor" after that will carry along an infected template. Up until now, you had to run a piece of code to get a virus infection. Now, you just have to load a document.[19]

Melissa Virus

The Melissa virus, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus. [2] It  is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books. While it does not destroy files or other resources, Melissa has the potential to disable corporate and other mail servers as the ripple of e-mail distribution becomes a much larger wave. On Friday, March 26, 1999, Melissa caused the Microsoft Corporation to shut down incoming e-mail. Intel and other companies also reported being affected. The U. S. Department of Defense-funded Computer Emergency Response Team (CERT) issued a warning about the virus and developed a fix. [4]

Risk Analysis

Macro Virus can infect multiple types of operating systems

People don't normally think of viruses in documents

Easy to learn how to write a macro virus

Because office programs are usually integrated, email programs can be used to further spread the virus

Characteristics of the Macro Virus

Macro viruses are written in macro languages like VBA, which is relatively easy to learn. Hence, a large number of new macro viruses are created on every day.

A macro virus resides in documents like word processing or spreadsheet. They don't reside in executable files.

A macro virus may act like an ordinary macro such as accessing files, sending emails etc. It's not easy to determine whether a macro is suspicious or not.

The macro virus can infect a document, which the user has edited and saved using the application, and thinks to be genuine. The infection takes place without the user's knowledge.

Integrity checking does not work for macro viruses, as the susceptible files are documents, which are edited by users. Heuristic scanning and emulation techniques are most effective to detect macro viruses.

Security Countermeasures

As the most popular office software major function, Macro is being more and more important nowadays. People use this function to finish some complicated issues.

When they use this function that the office software will connect to the Internet to load the macro so that increase the possibility of a virus attack. Therefore, the security countermeasures is most important part for prevent macro virus would not affect us.

About the security countermeasures of macro virus, there are two major parts that includes remove part and preventability of macro virus.

Remove a Macro Virus

How to remove a macro virus? According to the research, there are two methods can remove a macro virus that include automatic removal, manual removal and Microsoft office protection.

Automatic removal

Automatic removal, means that the user can choose to use the Off-the-shelf anti-virus software to remove macro virus automatically even through he doesn't really understand the computer technology. User needs to install anti-virus software in computer. When user found that the computer with symptoms of poisoning that just needs to open the anti-virus software and the software will work itself to scan all the files in computer until found out the macro virus. After the anti-virus software comes out the result of scanning, user can check the scanning result to confirm the anti-virus software do not including some important files. If there are no any doubts of result, user just needs to click a bottom that the anti-virus software will remove macro virus automatically.

Manual removal

Manual removal is more complicated than automatic removal. This method require user very familiar with the operation of computer. First of all, user needs to know which files having the macro virus. When user found that the computer with symptoms of poisoning that could open Processes function in Task Manager to end all of the processes associated with the macro virus. And then open Search Program and files in Start that select and delete all the files, which associated with the macro virus.

3. Microsoft office protection

In Microsoft office, when you open a new file, all the download files opened with protected view. User should make sure macros is disabled in your office programs.

Under Macro Settings, make sure the "Disable all macros with notification" button is checked. This is the default setting. When you open a document with a macro and a security warning appears, click Options on the message bar to open a security dialog box. You have the option to enable the macro or leave it disabled. You should enable the macro only if it is from a trusted source. Also, you can choose to "Trust all documents from this publisher" so that you won't be notified again when you receive a document with a macro from this trusted source. [5]

Prevent getting a Macro Virus in the future

In general, everything should plan ahead. Before computer attacked by macro virus that should needs to planning how to prevent the computer not be attacked. Combining daily computer operations and anti-virus software together to prevent macro virus that may decrease the possibility of virus attacked. First, make sure the virus protection is up-to-day and do regular virus scans. Do not open file attachment if you are not expecting to receive. And do not open a file download from an untrusted websites. Besides, to prevent any auto macros from being running may infect hold down the "Shift" key every time you open a file that you suspect.

Comment on Security Countermeasures

As the methods that mentioned before, for each one both have advantages and disadvantages. For the automatic removal, it's easy to use and not high-tech. but it have a big problem which is maybe it cannot found the macro virus successfully. And sometime will scans the wrong files, if the user is not pay attention to the scanning result that user would possible delete the wrong file.

The second method is manual removal. This method is good for some users who good at use the system of computer. The Technical requirements are high. Therefore if the user hasn't enough confident for macro virus theory and computer using, he would not choose this methods. And compared with the automatic removal, manual removal is better and clear.

The last method is protection by Microsoft office. This method is very good for prevent macro virus to attack computer. Because macro virus will run when the file is open. Microsoft office is set a view mode that just can view the contents in files. For this method is good at prevent but not for remove a macro virus.

In a word, fundamentally avoid macro virus attack should be completely clean and clear need to combine those three methods together.


By this assignment, we learn some knowledge about macro virus, includes some typical symptoms that make us to notice whether our systems are infected by macro virus and we also know some countermeasures about how to remove them. The most important thing is that we clear know this kind of macro virus spread characteristics and regulate out behaviors as a computer/system user.