Macro viruses were at one time the most prevalent virus type. Although mixed threat attacks and Web-based threats are now most common, macro viruses continue to be among the most common types of file infectors, especially in Microsoft™ Office documents and compressed files.

Macro viruses are not confined to one operating system—they are application specific, so they can be spread between DOS, Windows, Macintosh, and OS/2 systems. With the ability to travel by email, and the increasing power of macro code, macro viruses remain a true threat.

To combat macro viruses, Trend Micro has developed MacroTrap, a heuristic scanning method that performs a rules-based examination of macro code within a document. Macro virus code is typically a part of the invisible code (.dot, for example, in Microsoft Word) that travels with the document. MacroTrap checks the code for signs of unknown macro viruses by seeking out the instructions that perform virus-like activity—for example, copying parts of the code to other document files (replication) or executing harmful commands (destruction).

In addition to MacroTrap, IWSVA supports the automatic and global removal of all macros as they cross the FTP and HTTP gateway (for example as an immediate but short term solution to a sudden macro virus outbreak).

See also: