Given how much malware was written targeting the fact that you could embed it in something like a spreadsheet with full access to windows API stuff it was doomed to suffer eventually like that. The entire security model was non-existent and it just opened up such a can of worms. The funny thing is how unlikely it is someone will get hit with working malware written in vb6 today because of AV engines and how easy it is to slip under the radar just doing it in go or whatever