| |
| News and Reviews |
Windows Mac DOS Everyone
|
Some of the newest and most dramatic changes in computer viruses and how they
infect computers have come about because of the very powerful macro language
built into Microsoft Word. The Word "macro viruses" are a new type of program
virus that use the WordBasic macro language to replicate themselves. The most
notable difference in this new family of viruses is their platform independence
-- they infect Word documents and templates on DOS, Mac, Windows 3.x, Windows
95, and Windows NT operating systems.
Once an infected document is opened and the virus launched, it will
infect your Word normal.dot template. This is the basic Word document template;
it is used by default for new documents, and is the basis of most other
templates. So once the macro virus has infected your normal.dot template,
the virus will spread to all other documents and templates as they are
opened. This will immediately put the virus in control every time you launch
MS Word.
The WinWord macro viruses all use or infect a number of Word macros, including
aaazfs, aaazao, AutoExec, AutoOpen, DropSuriv, FileExit, FilePrint, FilePrintDefault,
FileSaveAs, InsertPayload, and PayLoad. Most don't infect the Save macro in
the File menu, so using File --> Save is an important part of protecting yourself
from these macros.
In most cases, you'll know that you have a macro virus when you see
their macros listed in the Word Tools --> Macro... or File --> Templates
--> Organizer --> Macros menu. These menus also provide the cure for the
virus infection: delete the infected macros from menu, Save it, and repeat
for every infected document and template.
For more information, see "macro
viruses" in Alki Software's WORDinfo
Web site at: http://www.wordinfo.com/
or Dr. Solomon's Intro
to Macro Viruses at: http://www.drsolomon.com/vircen/vanalyse/macvir.html
- The WinWord Concept virus
- The Concept virus is rather benign (other than being very infectious);
its Payload macro displays a message: That's enough to prove my point.
- The WinWord Nuclear virus
- The WinWord Nuclear virus is particularly vicious if it installs itself
on April 5th of any year, when it deletes necessary system setup files. Also,
if it is installed between 5:00 PM and 5:59 PM (inclusive) on any day, it
drops Ph33r into your c:\dos directory. Ph33r is a fully replicating virus
that infects both Windows and DOS executables (.com and .exe files). It carries
a message that it adds to the last page of any document printed during the
last 4 seconds of any minute: And finally I would like to say: STOP ALL FRENCH
NUCLEAR TESTING IN THE PACIFIC!
- Colors
- Colors is a new and somewhat different Word macro virus. Colors propagates
even if you've disabled AutoMacros. Nevertheless, you can use File --> Templates
--> Organizer --> Macros to view and delete the virus's macros. The Colors
also keeps a count of each time you use an infected macro other than AutoExec;
the counter, countersu, is kept in your win.ini file under [windows]. When
it reaches 299 and every 300th time thereafter, the virus changes your Windows
colors settings (text, background, buttons, borders, etc.) to randomly selected
colors, so the next time you start Windows, you'll have a most unusual and
weird color palette.
|
|
