Vesselin Bontchev
Computers & Security, Vol. 17, No. 1, pp.69-89
ISSN 0167-4048
1998
Computer viruses written in the macro programming language of popular office applications such as Microsoft Word have become extremely widespread. Unlike MS-DOS viruses, which are single entities, macro viruses often consist of entire sets of several independent macros. This poses some interesting theoretical problems for virus-specific anti-virus software that attempts to identify exactly the viruses it detects. Two viral sets of macros can have common subsets - or one of the sets could be a subset of the other. The paper deals with the problems caused by this, some of which are extremely difficult, if not impossible, to solve. Emphasis is put on how the difficulties could be exploited by virus writers and how anti-virus products should be improved in order to be made resistant to such attacks and to avoid damaging the user's documents when misidentifying the virus in them and attempting to remove the wrong virus variant.