The basis of EVERY MS Office macro virus
. This isn't some kind of secret. What are they? They are VBA functions
that are embedded in a document or your normal template that execute actions whenever a document opens or executes an Office app.
They are very powerful because they allow people to perform many complicated tasks using MS's scripting aspect built into those applications. However well gaurded that recent versions of Office are, they are still vulnerable to attack and system administrators must be wary of such attacks against their users.
All in all, VBA is a whole nother discussion, but those two are the culprits: AutoOpen and AutoExecute. The virus-ness of viruses for Office boils down to those two simple function calls. Wouldnt it be nice if all viruses on a PC
needed the virus opcode? Just a thought...