[10037] in bugtraq
Re: Melissa Macro Virus
daemon@ATHENA.MIT.EDU (Doug Granzow)
Mon Mar 29 17:44:20 1999
Date: Mon, 29 Mar 1999 10:52:07 -0500
Reply-To: Doug Granzow <dgranzow@GUNZOUR.ISBU.DIGEX.NET>
From: Doug Granzow <dgranzow@GUNZOUR.ISBU.DIGEX.NET>
X-To: Matthew Kirkwood <weejock@FERRET.LMH.OX.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <E14947B05218D111AC9000AA002F4CE313380E@p5100.aistrat.com>
Matthew Kirkwood (weejock@FERRET.LMH.OX.AC.UK) writes:
>On Fri, 26 Mar 1999, Nate Lawson wrote:
>
>> 2. See if machine is already infected
>> Check HKCU\Software\Microsoft\Office\Melissa? for the string "... by
>> Kwyjibo"
>
>Surely just adding this key would provide effective safety? (Until
>modified versions hit the streets, anyway - ain't "open source" great
>:)
>
>Matthew.
This is probably not a good idea. Setting the key will prevent the virus
from sending the email, but it will not by itself prevent the virus from
spreading to other documents on your system.
- If you email a legitmate document that happens to be infected to someone
else, they will get infected, and if they were not previously infected,
they will send *your* document to the first 50 addresses in their address
book.
- If at some point in the future you remove the registry setting, the
first infected document you open will then be sent by the virus. Think
about the documents you have on your system, and think about what would
happen if one of the confidential ones was mailed to 50 people on your
address list.
Doug
