Viruses (or virii) - Part 2

As you may or may not know (until now), you can write executable code in Windows Office Documents using Macros. Viruses can use this as a way to spread and infect computers. The Melissa virus is a good example of this. Melissa used the Document_Open() subroutine of a word document (circulating via email) to execute its code and deleted several system critical files.

Popular subroutines used are:

• Document_Open()
and
• Document_Close()

So we could write code in these subroutines that will execute when either the document is opened or closed.

We will create a word document and open the Visual Basic Editor:



Right click on the word document shown and click ``View Code'':



Choose ``Document'' on the right hand side and ``Open'' on the left:



We'll have a message box come out when the document is opened and we'll delete a file called ``test.txt''. Another message box will come out when the document is closed. The resulting code is shown below:



If macros are enabled on for MS Word, then the code will execute. An execution is shown below:





You should disable most macros to make sure that you are safe and to avoid viruses that use this method of transportation. You can do that by going to Tools->Options->Security->Macros and setting the setting to either High or Very High:





If you have your setting to Medium you will be prompted as to whether or not you want to execute macros: