Chapter 5. Macro Viruses
Antivirus researchers have talked about macro viruses since the early days of MMC. Two of the best, Dr. Fredrick Cohen and Ralf Burger, had discussed them in the 1980s, and Harold Highland had written a security paper about them in 1989. The antivirus industry knew they were possible, and it was perplexed that they didn’t take off with Lotus 1-2-3 or WordPerfect. Maybe virus writers were just waiting for the right application. That application was Microsoft Word. The first Microsoft Office macro virus was released in December 1994. By 1995, Microsoft Office macro viruses had infected Windows computers all over the world. They soon eclipsed every other type of malicious mobile code, forever changing the antivirus landscape. In the past, antivirus researchers could always narrow their searches to executable programs and boot sectors. Macro viruses replicate using data files. Suddenly scanners had to go from searching for a few file types to investigating everything.
Today, macro viruses make up the majority of
mobile code attacks in the world. Macro viruses effortlessly account
for over half the infections reported each month. The
U.S. Department of Energy, which
maintains the Virus Response Team
(ViRT) for the government, claims macro
viruses represent 85 percent of their tracked infections. The
Virus Bulletin
(http://www.virusbtn.com) published a virus prevalence table in which macro viruses grabbed the top five spots and 80 percent of the reported incidents. ...
Get Malicious Mobile Code now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.