A macro is a computer statement (function) that expands into a group of smaller instructions. It might be part of program code or an application-specific set of commands. On their own, macros are used to speed up or automate repetitive tasks when working with particular programs. However, they can be misused for malicious purposes if the application allows access to system configuration or can download and run other programs. Malicious macros are called macro viruses.
Types of Macro Viruses
There are 3 models of Macro viruses:
- Computer virus ones. They just try to replicate and infect as many files as possible. Such parasites are less common today; however, they were really popular some years ago. These viruses relied on people sharing their files, and documents weren’t checked as thoroughly as executable programs. Today we have other ways to co-work on documents and spreadsheets.
- Trojan macro viruses: These parasites are used to deliver other malware through “less dangerous” file formats or exploits. Typically, the file is either mailed or sent through chat programs. They are quite similar to other trojan parasites, the single difference being that the file is not executable.
- Macros used in web exploits, where the infected file is embedded in the page. This is more common for PDF and Flash exploits.
Additionally, macro viruses run inside the application rather than the host system. Thus they might be able to run on any OS that has a full version of that application. However, many macros won’t work if you open documents in third-party applications. E.g. it is safer to open Word documents in LibreOffice or Google Docs. Such malware has already been noticed.
Below you will find a video explaining how macro-based self-replicating malware is created. Basically, it shows how macros are attached to a document. The qkG file-encoder is one of these infections. It is a crypto-virus that comes after users’ files and their money.
How to avoid Macro viruses
Macro viruses rely on emails or on people sharing them through USB drives and chat applications (they can be used in Skype viruses too). Today many popular email services like Gmail scan messages for such infections, though they might miss one if the file is compressed. Always use an antivirus to scan files that are sent without prior warning, as well as USB keys. Hitman works well in such cases.
Some applications ask whether you wish to run macros the first time you open a document. For downloaded documents you should always stop their execution. This makes sure the malware won’t download anything to your computer.
You will also need a good antivirus or anti-malware program to avoid being infected through network shares, Dropbox or other user accounts. Choose one with good real-time protection. If you think that you have opened an infected document, scan your computer with SpyHunter or Hitman.
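The point above about compressed attachments slipping past mail scanners can be checked locally before a document is opened. The Python sketch below is an added example, not part of the original article: it reports where VBA macro storage sits in an Office file, including files nested inside ZIP archives. The function names and the depth and size limits are assumptions, and the check for legacy (pre-2007) files is a heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name in an OLE directory
MAX_DEPTH = 3                  # assumed limit on archive nesting
MAX_MEMBER = 50 * 1024 * 1024  # assumed size limit per member (zip-bomb guard)

def find_macros(data, name="<input>", depth=0):
    """Return paths (outer!inner) where VBA macro storage was found."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory names are UTF-16LE, so the name appears verbatim.
        return [name] if VBA_STREAM in data else []
    if depth > MAX_DEPTH:
        return []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []              # not a ZIP/OOXML container
    hits = []
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            inner = f"{name}!{info.filename}"
            if info.filename.lower().endswith("vbaproject.bin"):
                hits.append(inner)   # OOXML macro part (.docm/.xlsm/.pptm)
                continue
            try:
                blob = archive.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue             # encrypted or unsupported member: not inspected
            hits.extend(find_macros(blob, inner, depth + 1))
    return hits

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a macro-enabled document inside a ZIP attachment.
    docm = make_zip({"word/vbaProject.bin": OLE_MAGIC, "word/document.xml": b"<w/>"})
    print(find_macros(make_zip({"invoice.docm": docm}), "attachment.zip"))
```

A hit only means macro storage is present, not that the macro is malicious; it tells you which files to leave unopened until an antivirus has scanned them.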
Other versions of Macro Virus
There was a fake anti-spyware application with the name Macro Virus. It was designed to mislead people into believing that their computers were infected. Additionally, this program declares that its trial version is not capable of removing the parasites it detected and asks you to pay for its “full” version first. The one and only truth is that Macro Virus itself is the main problem on the PC and needs to be eliminated. The malware exists to rip people off, so never give in to its misleading demands. Remove the Macro Virus scamware instead.
If you have Macro Virus on board, you are most likely to get tons of annoying system scans and alerts telling you that your PC is infected. This parasite also imitates a system scan and then shows that numerous pieces of spyware were “caught”. However, it reports only invented Trojans, worms or other scamware, so do not try to remove them. Since it is distributed with the help of Trojans, only Macro Virus itself must be removed from the system. Do not trust its misleading alerts, and delete Macro Virus. Use a reputable anti-spyware program for a full system scan as soon as you see any of its fake notifications.
I do not think this version of Macro Virus is distributed anymore.