Macros and Security

Microsoft Excel added support for a powerful macro language, Visual Basic for Applications (VBA), starting with Microsoft Excel 5.0. Microsoft also added a full-featured integrated development environment (IDE) to Microsoft Office so that users could develop custom functions in VBA. The introduction of VBA macros enabled many new uses of Microsoft Excel, but it also started the era of macro viruses.

A macro virus is a macro that can perform malicious actions on a user's computer and is able to spread itself. The most typical way of spreading is via e-mail. For example, Melissa, one of the most damaging macro viruses, used the macro language to access Microsoft Outlook and sent an e-mail containing itself to 50 users from the Outlook address book.

Another way a macro virus can spread is by infecting other files on the user's machine. Even though those files are located on the same machine, the virus can still spread through this mechanism, as follows:

  • The user opens Document X, which contains a virus
  • The virus infects Document Y on the user's machine
  • The user sends Document Y via e-mail to another person
  • When the second person opens Document Y, their machine becomes infected

To hide its activity and prevent the user from discovering it, a macro virus can disable certain menus. The Melissa virus, for example, disabled the Tools->Macro menu in Microsoft Word 97 and the Macro->Security menu in Microsoft Word 2000.

It is much harder for macro viruses to spread with the most recent versions of Microsoft Excel, because macros are disabled by default when a document is opened. The user has to confirm that macros may run before anything happens. However, according to recent research, the macro notifications in the latest versions of Microsoft Office are not informative enough, and an uninformed user can accidentally enable macros in a document that contains a virus. Several recent viruses, such as Locky, exploited this weakness by sending users a document that carried the text “Enable macro if the data encoding is incorrect”. The document was deliberately filled with gibberish. This led many users to click the enable macros option button, which allowed the virus to install itself and spread.

That is why, even with modern computer systems, it is important to be very cautious when receiving and opening documents from unknown sources.
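
One way to apply that caution before a document is ever opened is to check whether it carries a VBA project at all. The following is an added example, not part of the original article: the function name triage, its result labels and the sample files are assumptions made for illustration. It relies on two facts about Office file formats: modern Office files are ZIP packages that store macros in a part named vbaProject.bin, and legacy .doc/.xls files start with the OLE2 signature.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls files
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")     # formats that should not carry VBA


def triage(filename: str, data: bytes) -> str:
    """Classify an attachment by macro risk without opening it in Office."""
    if data.startswith(OLE2_MAGIC):
        # Office 97-2003 binary format: macros cannot be ruled out from the
        # header alone, so send the file on for deeper analysis.
        return "legacy-ole2"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a ZIP, but not an Office package
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        types = z.read("[Content_Types].xml").decode("utf-8", "replace")
    # Macro-enabled packages also declare a "macroEnabled" content type.
    if has_vba or "macroEnabled" in types:
        if filename.lower().endswith(MACRO_FREE_EXT):
            return "macro-mismatch"  # extension claims macro-free, package has VBA
        return "macro-enabled"
    return "macro-free"


def build_sample(with_vba: bool) -> bytes:
    """Constructed sample: a minimal Office-shaped ZIP, not a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            z.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "budget.xlsm": build_sample(True),
        "budget.xlsx": build_sample(True),
        "plain.xlsx": build_sample(False),
        "old.xls": OLE2_MAGIC + b"\x00" * 16,
    }
    for name, blob in samples.items():
        print(f"{name:12} {triage(name, blob)}")
```

A mail gateway or help desk script could quarantine anything that is not classified as macro-free, so the decision does not rest on the user reading the macro notification correctly.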

