Throwback Thursday: Macro Viruses & The Little Virus That Could...

Posted by   Virus Bulletin on   Jun 18, 2015

This Throwback Thursday, we turn the clock back to 1999, when Melissa was causing havoc across the globe and VB presented a series of articles detailing all you ever wanted to know about macro viruses but were afraid to ask.

Until recently, macro viruses were a thing of the past — true 'retro' viruses (as opposed to retroviruses), thanks in large part to security improvements introduced into Microsoft Office products in the early 2000s. Over recent months, however, we have seen a resurgence of macro malware: malware authors have started to use social engineering to trick users into enabling macros, thus allowing the malicious code to be executed. One of the most recent examples of this is the Vawtrak trojan, which spreads through Office macros.

Back in the 90s, macro viruses really were the scourge of the internet, and in 1999, Igor Muttik presented a series of articles detailing all you ever wanted to know about macro viruses but were afraid to ask — giving an insight into the environment in which macro viruses live, summarizing their main features and those of their host applications, explaining the terminology and providing a basic knowledge of how macro viruses operate.

1999 was also the year in which the infamous Melissa macro virus caused havoc around the globe. As one of the first successful email-aware viruses, Melissa forced large companies to shut down their email gateways in an effort to halt its spread, and caused damages estimated to exceed US$80 million. Ian Whalley presented a full analysis of 'the little virus that could...'

Igor Muttik's series of articles can be read as follows:

  • Part 1 here in HTML-format, or download it here as a PDF.
  • Part 2 here in HTML-format, or download it here as a PDF.
  • Part 3 here in HTML-format, or download it here as a PDF.

Ian Whalley's analysis of Melissa can be read here in HTML-format, or downloaded here as a PDF (no registration or subscription required).

Posted on 18 June 2015 by Helen Martin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.