7.4 Macro viruses, trojans, variants (Viruses and the Mac)


This article is from the Viruses and the Mac FAQ, by David Harley D.Harley@icrf.icnet.uk with numerous contributions by others.

At the time of the longstanding second-to-last upgrade of
Disinfectant (version 3.6 in early 1995), there were no known macro
viruses in the wild, apart from HyperCard infectors. In any case,
Disinfectant was always intended to deal with system viruses, not
trojans or macro/script viruses. However, many users are unaware of
these distinctions and still assume that Disinfectant is a complete
solution, even after its effective demise (in fact, there were
people still relying on Gatekeeper long after its author disowned

Unfortunately, the number of known macro viruses runs into several
thousand, though the number in the wild is far fewer.

Most macro viruses (if they have a warhead at all) target Intel
platforms and assume FAT-based directory structures, so they
usually have no discernible effect on Macs when they trigger.
However, viruses that manipulate text strings within a document
may work just as well on a Macintosh as on a PC.

In any case, the main costs of virus control are not recovery from
virus payloads, but the costs of establishing detection and
protection (or of not establishing them). The costs of not
establishing these measures can be considerable, irrespective of
damage caused on infected machines, especially in corporate
environments. Secondary distribution of infected documents may
result in:

* civil action - for instance, inadvertent distribution of an
infected document to external organisations may be in breach of
contractual obligations

* legal action in terms of breach of data-protection legislation
such as the UK Data Protection Act or the European Data Protection
directive. The eighth principle of the Data Protection Act, for
instance, requires that security measures are taken to protect
against unauthorised access to, and alteration, disclosure and
destruction of personal data, or its accidental loss.

* damage to reputation - no legitimate organisation wants to be
seen as being riddled with viruses.

Since Word 6.x for Macintosh supports WordBasic macros, it is as
vulnerable as Word 6.x and 7.x on Intel platforms to being infected
by macro viruses, and therefore to generating other infected
documents (or, strictly speaking, templates). Working Excel viruses
are now beginning to appear also, and any future Macintosh
application that supports Visual Basic for Applications will also
be vulnerable. Note also the possibility of virus-infected
files embedded as objects in files associated with other
applications: this possibility exists on any platform that supports

Office 98 is in general vulnerable to infection by most viruses which
affect corresponding applications in Office 97.

Where an equivalent application is available on the Macintosh,
macro viruses are therefore highly transmissible via Macintoshes,
even if they have no destructive effect on Motorola platforms.
The application does have to support macros, though: although
Word for Windows versions before version 6 support WordBasic,
Word versions for the Mac up to and including version 5.1 do not.
[Thus Word 5.1 users cannot be directly infected, but may,
like anyone, pass on infected documents to vulnerable systems.]

Network Associates, Symantec, and Intego all make known-virus
scanners that detect a range of macro viruses. Microsoft make
available a free 'protection tool' whose effectiveness is often
overestimated. (See below.)

[I'm no longer able to find any reference on Intego's site to Rival:
their efforts seem to be focused on their personal firewall for Macintosh.]

For further information on specific macro viruses, try one of the
information resources given earlier.


