T 5.43 Macro viruses

With the exchange of files (e.g. by data media or e-mail), there is a danger that, in addition to the actual file (text file, spreadsheet etc.), other macros connected to the document or embedded editor commands are also transmitted. These macros can only be executed with the relevant application program (Winword, Excel etc.) when the document is processed, either due to activation by the user or if the macro starts automatically. If a document is received by a WWW browser which automatically opens the document, a macro can be activated.

As the macro languages have a large instruction set, there is a danger that a macro with a damaging effect is added to a document (e.g. a virus).

In practice, the danger, especially for documents for Winword or Excel from Microsoft, rose significantly all over the world. For a user, therefore,it is not clear that files for Word profiles (*.DOT) which might contain macros, can be renamed to *.DOC files and then appear as ordinary document files not containing any macros. However Microsoft Word processes these kinds of files nearly the same way, without any notification to a user of that fact (exception: Winword starting from version 7.0.a)

In the meantime, macro viruses for Word are the number one in the rank of all reported virus infections. It must be noted that micro viruses can occur on all operating systems where Winword can be installed (Windows version 3.1 and 3.11, Windows 95, Windows NT, Apple Macintosh)

Example:

The Winword macro virus "Winword Nuclear" was spread through the Internet via the file WW6ALERT.ZIP. The macro virus causes the text "STOP ALL FRENCH NUCLEAR TESTING IN PACIFIC!" to be added to all printouts, but also attempts to delete system files.