Throwback Thursday: Macro Viruses & The Little Virus That Could...

Posted by   Virus Bulletin on   Jun 18, 2015

This Throwback Thursday, we turn the clock back to 1999, when Melissa was causing havoc across the globe and VB presented a series of articles detailing all you ever wanted to know about macro viruses but were afraid to ask.

Until recently, macro viruses were a thing of the past — true 'retro' viruses (as opposed to retroviruses), thanks in large part to security improvements introduced into Microsoft Office products in the early 2000s. Over recent months, however, we have seen a resurgence of macro malware: malware authors have started to use social engineering to trick users into enabling macros, thus allowing the malicious code to be executed. One of the most recent examples of this is the Vawtrak trojan, which spreads through Office macros.

Back in the 90s, macro viruses really were the scourge of the internet, and in 1999, Igor Muttik presented a series of articles detailing all you ever wanted to know about macro viruses but were afraid to ask — giving an insight into the environment in which macro viruses live, summarizing their main features and those of their host applications, explaining the terminology and providing a basic knowledge of how macro viruses operate.

1999 was also the year in which the infamous Melissa macro virus caused havoc around the globe. As one of the first successful email-aware viruses, Melissa forced large companies to shut down their email gateways in an effort to halt its spread, and caused damages estimated to exceed US$80 million. Ian Whalley presented a full analysis of 'the little virus that could...'

Igor Muttik's series of articles can be read as follows:

  • Part 1 here in HTML-format, or download it here as a PDF.
  • Part 2 here in HTML-format, or download it here as a PDF.
  • Part 3 here in HTML-format, or download it here as a PDF.

Ian Whalley's analysis of Melissa can be read here in HTML-format, or downloaded here as a PDF (no registration or subscription required).

Posted on 18 June 2015 by Helen Martin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

New article: Dissecting the design and vulnerabilities in AZORult C&C panels

In a new article, Aditya K Sood looks at the command-and-control (C&C) design of the AZORult malware, discussing his team's findings related to the C&C design and some security issues they identified.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.