[3081] in WWW Security List Archive
Re: New and destructive word macro virus
daemon@ATHENA.MIT.EDU (Bob Daems)
Wed Sep 25 22:36:40 1996
Date: Wed, 25 Sep 96 17:21:00 PDT
From: Bob Daems <Bob_Daems@ccm.ch.intel.com>
To: www-security@ns2.rutgers.edu
cc: best-of-security@suburbia.net
Errors-To: owner-www-security@ns2.rutgers.edu
Text item:
Set Template\*.dot (except when you are editing) to read only !
;-)
______________________________ Reply Separator _________________________________
Subject: New and destructive word macro virus
Author: www-security@ns2.rutgers.edu at SMTPGATE
Date: 9/25/96 21:30
A new macro virus word has been found
Informations i have :
- uses path variable to find a target
- deletes (!) the target
Type : assembles itself in Normal.dot through multiple word documents
Protection : nothing with Fprot, not recognized by antivirus software
Question :
Except a change in normal.dot Size, how could we prevent these macros to
infect entire file (.doc & .dot) systems ?
Your answer is urgently needed, if you need a description of an infected
macro, we could send you one !!
If you are not sure of the seriousness of this message, let me know..
the point is this awful sh.. already deleted my DOS, NOTES, & WINDOW
directory.
Any suggestions...
Help urgently required ...
Text item: External Message Header
The following mail header is for administrative use
and may be ignored unless there are problems.
***IF THERE ARE PROBLEMS SAVE THESE HEADERS***.
Errors-To: owner-www-security@ns2.rutgers.edu
Precedence: bulk
Sender: owner-www-security@ns2.rutgers.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Subject: New and destructive word macro virus
CC: best-of-security@suburbia.net
To: www-security@ns2.rutgers.edu
MIME-Version: 1.0
X-Mailer: Mozilla 3.0Gold (Win95; U)
Reply-To: ivan@club-internet.fr
From: ivan <ivan@club-internet.fr>
Date: Wed, 25 Sep 1996 21:30:24 +0200
Message-ID: <32498850.6780@club-internet.fr>
Received: from ivan (ppp-206-189.neuilly.club-internet.fr [194.117.206.189]) by
speedy.grolier.fr (8.7.6/MGC-960516) with SMTP id VAA11125; Wed, 25 Sep 1996 21:
32:41 +0200 (MET DST)
Received: from speedy.grolier.fr (root@speedy.grolier.fr [194.158.97.87]) by ns2
.rutgers.edu (8.6.12+bestmx+oldruq+newsunq/8.6.12) with ESMTP id PAA29345 for <w
ww-security@ns2.rutgers.edu>; Wed, 25 Sep 1996 15:35:37 -0400
Received: (from daemon@localhost) by ns2.rutgers.edu (8.6.12+bestmx+oldruq+newsu
nq/8.6.12) id PAA29351 for www-security-outgoing; Wed, 25 Sep 1996 15:36:03 -040
0
Received: from ns2.rutgers.edu (ns2.rutgers.edu [128.6.21.2]) by ormail.intel.co
m (8.7.6/8.7.3) with SMTP id PAA13387; Wed, 25 Sep 1996 15:34:07 -0700 (PDT)
Received: from ormail.intel.com (ormail.intel.com [134.134.248.3]) by relay.jf.i
ntel.com (8.7.4/8.7.3) with ESMTP id PAA17856; Wed, 25 Sep 1996 15:34:07 -0700 (
PDT)
Return-Path: owner-www-security@ns2.rutgers.edu
