[2803] in WWW Security List Archive


Re: ActiveX security hole reported.

daemon@ATHENA.MIT.EDU (Stephen Cobb)
Mon Aug 26 13:46:11 1996

Date: Mon, 26 Aug 1996 11:44:23 -0400
To: gjhinek@PacBell.com (Jerry Hinek)
From: Stephen Cobb <stephen@iu.net>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

At 08:38 AM 8/20/96 -0700, you wrote:
>Macro viruses are a big pain, and are a legitimate www security concern,
>especially since some of them now threaten to wipe out files on your hard
>drive. Macro viruses are spreading all over the place as attachments to
>e-mail. People can send an infected document to a mailing list, and expose
>hundreds of people to the virus. These viruses propagate very quickly,
>mostly because of e-mail attachments and intranet downloads.
>
>Besides keeping current with the latest anti-virus software, several av
>vendors suggest making the normal.dot file in the templates directory a read
>only file. Macro viruses spread by infecting this normal template, which in
>turn infects any document that is subsequently opened or created. Some users
>want to make occasional changes to normal, but many of them aren't even
>aware that it exists. It's easy and safe protection from spreading macro
>viruses. Doing that won't remove macro viruses from infected documents, and
>you want to make sure that normal.dot is infection free before you make it
>read only, but it is easy, relatively cheap insurance. Use a current version
>of an anti-virus product, then protect normal.dot.
>=======================================
>Jerry Hinek, Senior Security Specialist
>(510) 823-2246
>gjhinek@pacbell.com
>PB1(GJHINEK)  from PROFS
>
Good advice Jerry...NCSA studies suggest winword.concept has become the most
widespread virus and got to that point faster than any previous virus.

Here's a good quote from a Microsoft project manager last February: "At
Microsoft we scan every server every day [for the winword.concept virus] and
we are still getting infected."

Fast forward to August, and Spencer F. Katt reports that Msoft Internet czar
Brad Silverberg sent out to his troops, as an email attachment, a Word doc
describing the benefits of Internet Explorer 3.0, infected with winword.concept.

I have caught flak myself for saying "winword.concept does not destroy
data." Of course, I mean that destroying data is not part of the payload,
but I have heard from quite a few people who have had large documents so
screwed up by infection and attempted disinfection, that they have indeed
lost data.

Stephen

