Macro Viruses
[Trend Micro]


What is a macro virus and how does it spread?
How does a computer become infected with a macro virus?
How do macro viruses work?
Why are Word macro viruses so easy to create?
What versions of Word are susceptible to macro viruses?
What’s the worst damage a macro virus can do?
Why don’t traditional detection techniques work on macro viruses?
What is Trend Micro’s MacroTrap™ technology?


What is a macro virus and how does it spread?

Answer: The increasingly sophisticated word processing and spreadsheet files of today carry many useful macro commands that provide a variety of features to documents and spreadsheets. For example, macro commands can perform key tasks, such as saving files every few minutes, or they can prompt you to type information into a form letter.

Macro viruses are special macros that self-replicate in the data files of personal productivity applications such as Microsoft Word and Excel. The majority of macro viruses infect Word document files. When a file containing infected macros is opened, the virus usually copies into Word’s global template file (typically NORMAL.DOT) through the use of macro commands that are automatically executed at document load time. Then the virus can infect other Word files. Any document opened or created after the template has been infected will be infected.

Macro viruses, which become part of the document itself, are transferred with the file from user to user via floppy disk, file transfer, or e-mail attachment. Macro viruses are the most common types of computer virus found today.

How does a computer become infected with a macro virus?

Answer: Macro viruses are usually written to infect some or all of the "auto" commands, including AutoOpen, AutoSave, AutoClose, and AutoNew. Since those commands are executed automatically at the time a document is loaded in Word, it is likely that you will not notice the infection.

How do macro viruses work?

Answer: Macro viruses gain access to word processing and spreadsheet files by attaching themselves to the executable portion of the document - usually replacing the AutoOpen, AutoExec, AutoNew, AutoClose, and AutoExit macro commands.

Macro viruses are particularly difficult to eradicate because they can hide in attachments to old e-mail messages. For example, a network once infected by a macro virus can become re-infected when an employee returns from vacation and opens an old e-mail attachment with a virus. When the employee forwards it to others on the network, the virus can spread again, necessitating a second round of detection and disinfection.

Why are Word macro viruses so easy to create?

Answer: Prior to the macro virus era, creating a virus required some knowledge of assembly language or another complex programming language. Today, almost anyone can write a macro virus using Visual Basic, which uses English-like commands. There is even a guided step-by-step template for creating Word macro viruses available on the Internet. Most macro viruses are slight modifications of existing macro viruses.

What versions of Word are susceptible to macro viruses?

Answer: Macro viruses can infect any version of Word that has the ability to run macros. This includes Word 6.x for both Macintosh and Windows and Word 7 for Windows 95. Word 8 has a built-in, but limited, Macro Virus Protection Tool.

What’s the worst damage a macro virus can do?

Answer: Like all computer viruses, macro viruses can destroy data. For individual users, the worst thing a macro virus might do is reformat their computer’s hard drive.

Corporations are taking a heavy hit from macro viruses, which can restrict file-saving operations, manipulate information, control data storage, and reformat the hard drives of every PC hit by the virus in the company. While most of the more than 500 known macro viruses are not destructive, many cause a considerable loss of productivity and staff time.

Why don’t traditional detection techniques work on macro viruses?

Answer: A combination of factors is responsible. Before macro viruses were first noted in August of 1995, anti-virus software scanned only executable files and boot sectors, the early targets of computer viruses. Macro viruses infect Word and Excel documents, whose internal structure is very different from that of executable files or boot sectors. Document files use an intricate OLE structure that required changes in the way anti-virus software looked into files.

In addition, because of the high number of variants of macro viruses, early pattern-matching techniques were not always efficient enough to ensure proper detection.

Finally, the way Word and Excel documents are shared (via e-mail attachments) required new techniques to enable anti-virus software to check inside e-mail databases.

To protect against macro viruses, home users should update to new software capable of scanning e-mail attachments, and network administrators should investigate software designed specifically for their e-mail environments such as InterScan VirusWall or Trend’s ScanMail series. You can read more about macro viruses and the new technology Trend developed to detect them in the white paper "Trapping the World’s Most Prevalent Viruses."

What is Trend Micro’s MacroTrap™ technology?

Answer: Trend Micro’s patented MacroTrap is a rule-based scanning engine that instantly detects and cleans known and unknown macro viruses, eliminating the time-consuming steps that traditional virus vendors require (collect new viruses, analyze them, create a detection pattern, release new pattern files). MacroTrap is based on OLE2 (object linking and embedding) technology - the same structure at the basis of Word and Excel files. This allows MacroTrap to efficiently extract only the macro portion of each word processing or spreadsheet file it examines.

In addition to high-speed scanning performance, this approach reduces the likelihood of false-positive virus indications, which are possible when large text files are scanned. After extracting the macro code, MacroTrap compares it with patterns from known viruses. If a match is found, MacroTrap alerts the user. Otherwise, the anti-virus software applies a comprehensive set of intelligent binary rules that can detect the presence of almost all macro viruses. Moreover, since the rule sets are external files constructed by Trend, we can periodically update these files to adapt the rule database to new forms of macro viruses, and eliminate false positives that may occur.
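The two-stage approach described above (match extracted macro code against known patterns first, then apply behaviour rules to catch unknown variants) and the auto-macro infection route described earlier can be illustrated with a small scanner. This is an added example written for this page, not Trend Micro's MacroTrap code; the rule names, the SHA-1 fingerprint, and the two VBA samples are all constructed here, and plain VBA text stands in for the macro stream that a real scanner would first extract from the OLE2 file.

```python
import hashlib
import re

# Auto-executing macro names named in the FAQ: any one of these runs
# without user interaction when a document is opened, closed or created.
AUTO_MACROS = {"autoopen", "autoclose", "autonew", "autoexec", "autoexit"}

# Constructed heuristic rules: each flags a behaviour a self-replicating Word macro needs.
RULES = {
    "writes_global_template": re.compile(r"NormalTemplate|NORMAL\.DOT|MacroCopy|OrganizerCopy", re.I),
    "touches_vba_project": re.compile(r"VBProject|VBComponents|CodeModule", re.I),
    "disables_protection": re.compile(r"VirusProtection\s*=\s*False|DisableAutoMacros", re.I),
}

def normalize(vba_src):
    """Collapse whitespace and case so trivially re-indented variants hash alike."""
    return re.sub(r"\s+", " ", vba_src).strip().lower()

def fingerprint(vba_src):
    """Known-virus pattern key: SHA-1 of the normalized macro text (constructed scheme)."""
    return hashlib.sha1(normalize(vba_src).encode()).hexdigest()

def extract_procs(vba_src):
    """Map lowercase Sub names to bodies (stand-in for pulling the macro stream out of the OLE2 file)."""
    return {m.group(1).lower(): m.group(2)
            for m in re.finditer(r"\bSub\s+(\w+)\s*\(\)(.*?)\bEnd Sub", vba_src, re.S | re.I)}

def scan(vba_src, known_patterns=None):
    """Return (verdict, details): 'known' on a pattern hit, 'suspicious' when an
    auto macro is present and at least two behaviour rules fire, else 'clean'."""
    known_patterns = known_patterns or {}
    fp = fingerprint(vba_src)
    if fp in known_patterns:
        return "known", {"pattern": known_patterns[fp]}
    autos = sorted(AUTO_MACROS & set(extract_procs(vba_src)))
    fired = sorted(name for name, rx in RULES.items() if rx.search(vba_src))
    verdict = "suspicious" if autos and len(fired) >= 2 else "clean"
    return verdict, {"auto_macros": autos, "rules": fired}

# Constructed samples (not real virus code): one auto macro that touches the
# global template and VBA project, and one harmless AutoOpen that shows a message.
SUSPECT = """Sub AutoOpen()
    Options.VirusProtection = False
    Set tgt = NormalTemplate.VBProject
    ' constructed sample: module copy deliberately omitted
End Sub"""
BENIGN = """Sub AutoOpen()
    MsgBox "Welcome to the quarterly report"
End Sub"""
```

An auto macro on its own is not a verdict (the benign sample is reported clean); the rules only raise an alert when several replication behaviours appear together, which is what lets a rule base catch variants no pattern file has seen yet.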

You can read more about MacroTrap technology in Trend’s white paper: "Trapping the World’s Most Prevalent Viruses."