Chapter 5. Office – Macros and ActiveX

Information in this Chapter

  • Macro and Client-Side Attack Anatomy
  • Dangers Associated with Macros and ActiveX
  • Future of Macro and ActiveX Attacks
  • Macro and ActiveX Defenses

There was a time when people didn't think twice about leaving their doors unlocked or leaving the keys in the ignition of their car when they went into the store for a quick purchase. People were willing to do these things because it made life more convenient. As time passed and attackers took advantage of these choices, more people began to think about the risk associated with their actions and are now considering choosing security over convenience. The basic trade-off between security and convenience, however, still exists in everyday life, especially in the computing world. What does this have to do with Microsoft Office? Well, Microsoft Office is the most popular integrated suite of desktop applications in the world. The flexibility and convenience associated with using robust applications and leveraging the programming capabilities within the applications are among the reasons for this.

Macros are bits of code executed within a document to make life more convenient for the user. Macros can be programmed to perform functions such as hiding or showing tabs in Excel when a certain checkbox is selected, or to query a database for information and automatically populate a table in Word. A regular user with no programming skills can also leverage the power of macros by recording a set of specific keystrokes and running the macro whenever he needs to perform the same function multiple times. The integration of executable code into each of the various document types utilized by Office applications makes each of these applications much more powerful and makes life more convenient for the user.

Unfortunately, just as leaving your keys in your car means you don't have to search for them, this convenience creates a fertile environment for deadly attacks against anyone who uses Office, regardless of their operating system. In 1999, one of the deadliest attacks of all time leveraged the macros available within Word to shut down mail systems across the Internet. The Melissa virus was originally distributed through a Word document that contained the passwords for some Web sites hosting pornographic content. Once the document was opened, the virus, embedded in it as a macro, would run and use Microsoft Outlook to mail itself to the first 50 addresses in the victim's address list. People seeing an e-mail from someone they knew would then open the document and continue the cycle, allowing the virus to propagate further. For all of its notoriety, the Melissa virus wasn't actually destructive; however, some losses were experienced due to the unavailability of mail systems. It was so successful at proving that a mass-mailing worm could exist (the idea was only theoretical up to that point) that it overwhelmed all other traffic on the Internet. A detailed review of the capabilities of the Melissa virus can be found on F-Secure's Web site.[A]

[A] www.f-secure.com/v-descs/melissa.shtml
