[10053] in bugtraq
Re: Melissa Macro Virus
daemon@ATHENA.MIT.EDU (Brett Glass)
Wed Mar 31 01:48:00 1999
Date: Tue, 30 Mar 1999 22:29:40 -0700
Reply-To: Brett Glass <brett@LARIAT.ORG>
From: Brett Glass <brett@LARIAT.ORG>
X-To: bronek@wpi.com.pl
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000601be7aa6$46d952c0$cbc9a8c0@osowa.poland.wpi>
Melissa doesn't just infect NORMAL.DOT. It also infects anything you open
after you've opened the infected document. Read the code....
--Brett
At 02:10 PM 3/30/99 +0200, Bronek Kozicki wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>There is another kind of protection (and I used it sucesfully in my network
>for last few months). Just set NORMAL.DOT read only attribute. When exiting
>Word user will be warned with message "unable to save modified Normal.dot" -
>he/she then comes to support, and then we know that we have problem. Of
>course - normal.dot is placed in user's profile. This is pretty simple kind
>of protection against macro-viruses in Word.
>
>
>Bronek Kozicki
>
>- --------------------------------------------------
>ICQ UID: 25404796 PGP KeyID: 0x4A30FA9A
>07EE 10E6 978C 6B33 5208 094E BD61 9067 4A30 FA9A
