Macro viruses: characteristics, principle of operation, detection and elimination

Today there are thousands of malicious programs circulating on the network. Of course, remembering each of them individually is an impossible and unnecessary task. However, some are worth knowing better because of their danger and prevalence. In this article we will look at what macro viruses are, and why it is important to assess their threat adequately.

What macro viruses are

The first half of the name comes from the word "macro". A macro is a component embedded in an MS Word or Excel document and written in VBA. A macro has quite wide capabilities: it can format the hard drive, delete files, copy confidential data stored on the PC, and send it by e-mail. Hence the great danger of infection by such an element.


A macro virus is a program written in a macro language and embedded in information processing systems: graphics and text programs and editors, spreadsheet software, and so on. These malicious elements propagate by using the capabilities of the macro languages themselves, so they transfer quite easily from document to document and from one computer to another. What files do macro viruses infect most often? Mainly Word and Excel documents.

How do they spread?

A PC is infected quite simply: it is enough to open or close a file infected by a macro virus on the computer. When that happens, the malicious elements intercept standard document functions, and then they begin to infect every such file that you access on your device.

Macro viruses are also resident malicious elements. That is, they are active not only at the moment a document is opened or closed, but for as long as the text, graphics or spreadsheet program is running. Some of them can even remain in the computer's RAM until it is turned off.


Note the extreme ease of their creation: an attacker just needs to open Word, go to the Tools menu, and then to Macros. There he selects the Visual Basic editor, where he can write malware in VBA.

How the virus works

When carrying out a particular command, Word looks for and executes the corresponding macro:

  • Saving a document - FileSave.
  • Printing - FilePrint.
  • Opening a document - AutoOpen.
  • Closing a document - AutoClose.
  • Launching the program itself - AutoExec.
  • Creating a new file - AutoNew, and so on.

Similar macros, but with different names, are also used by Excel.

To infect a Word file, the malware uses one of these tricks:

  • The macro virus already contains an auto macro.
  • Infection of the system begins when you run the task provided for by the virus developer.
  • The virus redefines one of the standard macros. Typically, that macro is associated with some Word menu item.
  • By pressing a certain key or key combination, you yourself, without knowing it, set a malicious auto macro in action, and it begins its "work."


Macro viruses infect files this way:

  1. You open the affected text document.
  2. The virus code is copied to the global document macros.
  3. When you close the file, these now-infected global macros are automatically written to the .dot file (the template called Normal.dot).
  4. The virus then redefines standard macros. This helps it intercept document commands.
  5. When these macros are called by you, the file you are working on is infected.

Now we will determine how to establish the presence of these malicious elements on the computer.

Macro Virus Detection

Viruses in text documents and spreadsheets can be identified by the following signs:

  • The document cannot be written to another disk or directory via "Save As ..."
  • The file cannot be saved in a different format (checked through the "Save As ..." command).
  • Changes you made to the file cannot be saved.
  • The Security Level tab becomes unavailable. You can find it under "Tools" - "Macro" - "Security".
  • When working with a document, a system message may appear indicating an error.
  • The file behaves in unusual ways.
  • If you right-click the suspected document and choose "Properties" from the context menu, the fields of the Summary tab contain random information or just a set of characters entered by the malware developer.
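
The macro names listed earlier in this article can also be checked for directly, in addition to watching for these symptoms. The Python code below is an added example, not part of the original article: it scans exported VBA module source for procedures named after Word's auto macros and standard commands. The Excel names Auto_Open and Auto_Close, the function names and the sample module are assumptions added here.

```python
import re

# Word names come from the article's list. The Excel names (Auto_Open,
# Auto_Close) are not on the page; they are added here as its counterparts.
AUTO_MACROS = {"autoopen", "autoclose", "autoexec", "autonew",
               "auto_open", "auto_close"}
# Standard Word commands that a macro redefines simply by reusing the name.
COMMAND_OVERRIDES = {"filesave", "fileprint"}

# "Sub Name" / "Function Name", with optional scope and Static keywords.
DECL = re.compile(
    r"^\s*(?:(?:public|private|friend)\s+)?(?:static\s+)?"
    r"(?:sub|function)\s+([A-Za-z_]\w*)", re.IGNORECASE)

def strip_comment(line):
    """Cut a VBA comment: an apostrophe that is not inside a string literal."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line

def find_hooks(vba_source):
    """Return (line_no, declared_name, kind) for every hooking procedure."""
    hits = []
    for no, raw in enumerate(vba_source.splitlines(), 1):
        m = DECL.match(strip_comment(raw))
        if not m:
            continue
        key = m.group(1).lower()
        if key in AUTO_MACROS:
            hits.append((no, m.group(1), "auto-macro"))
        elif key in COMMAND_OVERRIDES:
            hits.append((no, m.group(1), "command-override"))
    return hits

# Constructed sample module (harmless), not taken from any real document.
SAMPLE = '''Attribute VB_Name = "NewMacros"
' Sub AutoExec() is only mentioned in this comment
Private Sub autoopen()
    MsgBox "Sub FileSave' is text inside a string"
End Sub
Public Sub FilePrint()
End Sub
Sub FormatTable()
End Sub
'''

if __name__ == "__main__":
    for line_no, name, kind in find_hooks(SAMPLE):
        print(f"line {line_no}: {name} ({kind})")
```

A hit is a reason to review the macro, not proof of infection: legitimate templates also use these names.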

Troubleshooting

Any trouble is, of course, easiest to prevent. For that, your computer must have a modern antivirus with a constantly updated threat database. Many such programs have a monitor loaded in RAM, which detects infected files as soon as an attempt is made to open them. The antivirus first tries to cure such a document; if that fails (which happens very rarely), it blocks access to it.


If you find a threat on an unprotected computer, you need to download an antivirus or an appropriate utility that will detect, neutralize or delete the infected file. It is also important to stay vigilant yourself: do not open documents from sources unknown to you or, as a last resort, scan them for malicious elements before opening.

Macro viruses are threats that spread through text and spreadsheet files. Today they are easy to detect and eliminate, which does not detract from the danger and harm this kind of malicious program causes.

Source: https://habr.com/ru/post/C1319/

