[10042] in bugtraq


Re: Melissa Macro Virus

daemon@ATHENA.MIT.EDU (Bronek Kozicki)
Tue Mar 30 21:32:02 1999

X-Mdaemon-Deliver-To: BUGTRAQ@NETSPACE.ORG
Date: 	Tue, 30 Mar 1999 14:10:18 +0200
Reply-To: bronek@wpi.com.pl
From: Bronek Kozicki <bronek@WPI.COM.PL>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <4.2.0.32.19990328211634.044b9930@localhost>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is another kind of protection (and I used it successfully in my network
for the last few months). Just set the NORMAL.DOT read-only attribute. When exiting
Word, the user will be warned with the message "unable to save modified Normal.dot" -
he/she then comes to support, and then we know that we have a problem. Of
course - normal.dot is placed in the user's profile. This is a pretty simple kind
of protection against macro-viruses in Word.


Bronek Kozicki

- --------------------------------------------------
ICQ UID: 25404796            PGP KeyID: 0x4A30FA9A
07EE 10E6 978C 6B33 5208  094E BD61 9067 4A30 FA9A



- -----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@NETSPACE.ORG]On Behalf Of Brett Glass
Sent: Monday, 29 March 1999 06:18
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Melissa Macro Virus


No. This key would only prevent the 50-message burst of e-mail. However, the
user's NORMAL.DOT template would still be infected. So would every document
he or she opened or created. And the moment one of those documents hit
a machine without the key that had Outlook running.... Blammo! Another salvo
of messages.

- --Brett

At 12:25 PM 3/27/99 +0000, Matthew Kirkwood wrote:
>On Fri, 26 Mar 1999, Nate Lawson wrote:
>
>> 2.  See if machine is already infected
>>     Check HKCU\Software\Microsoft\Office\Melissa? for the string "... by Kwyjibo"
>
>Surely just adding this key would provide effective safety?  (Until
>modified versions hit the streets, anyway - ain't "open source" great
>:)
>
>Matthew.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBNwCxGr1hkGdKMPqaEQJBQQCg587thcxdR8CjaIxbo8UCayaN8EwAn3br
5s8HsoKmXblkIaaRd1+TBbm0
=9CNL
-----END PGP SIGNATURE-----
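
Added example, not part of the original post: the read-only NORMAL.DOT tripwire described above, combined with a baseline hash so that support can check the template without waiting for Word's "unable to save" warning. The attribute can be cleared by anything running as the user, so the check reports a cleared attribute and a content change separately. The function names and the stand-in file created in a temporary directory are assumptions made for this illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def protect(template):
    """Record a baseline hash, then set the read-only attribute."""
    baseline = sha256_of(template)
    os.chmod(template, stat.S_IREAD)  # on Windows this sets the read-only flag
    return baseline


def audit(template, baseline):
    """Return a list of findings; an empty list means the tripwire is intact."""
    if not os.path.exists(template):
        return ["template missing"]
    findings = []
    if os.stat(template).st_mode & stat.S_IWRITE:
        findings.append("read-only attribute cleared")
    if sha256_of(template) != baseline:
        findings.append("content differs from baseline")
    return findings


def demo():
    """Run the check on a constructed stand-in file, not a real template."""
    with tempfile.TemporaryDirectory() as profile:
        template = os.path.join(profile, "Normal.dot")
        Path(template).write_bytes(b"constructed clean template")
        baseline = protect(template)
        clean = audit(template, baseline)
        # Simulate a change made behind the user's back.
        os.chmod(template, stat.S_IREAD | stat.S_IWRITE)
        with open(template, "ab") as fh:
            fh.write(b" + constructed extra bytes")
        changed = audit(template, baseline)
    return clean, changed


if __name__ == "__main__":
    print(demo())
```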
