Virus attacks can come from strange places

Timothy Barmann
October 1996

They call him "Typhoid Dave."

Dave Butler's co-workers have so dubbed him because he inadvertently set loose a computer virus at work a couple of months ago.

Butler, an account executive for CORE Business Technologies of East Providence, got the virus from what many would consider an unlikely source: an e-mail message.

Most people are aware that running a program from a questionable source is risky. But few may be aware that simply opening certain types of e-mail documents, or even browsing particular Web pages, can wreak havoc on your computer.

Just ask Textron.

The Providence-based conglomerate that makes everything from helicopters to garden machines suffered a virus attack on some of its PCs last month. The source was allegedly an e-mail message from a disgruntled employee who worked for a subcontractor of Textron, according to police. Textron subsequently lost some data stored over a 15-hour period because of the virus.

Court records indicate that the message allegedly sent through Textron's internal e-mail system contained a "macro" virus, a relatively new type discovered about 14 months ago.

Macro viruses differ from their traditional counterparts in that they hide in unlikely places: word processing and spreadsheet documents, rather than in computer programs. They can be activated simply by opening an infected letter with a word processing program.

Macro viruses, like all computer viruses, have a wide range of side effects. Some may simply be annoying, such as one that adds a word or two to a document. Another may play a tune, like one that plays Yankee Doodle Dandy at 5 p.m.

Other, more malicious, viruses can erase all the programs on a computer's hard drive.

Though these hidden menaces can be detected by the latest anti-virus software, few people check for them, said Eugene Spafford, of Purdue University, director of the country's largest university-run computer security laboratory.

"The majority of people who have been educated about computer viruses don't understand about macro viruses and are less likely to take precautions," he said.

That, combined with the fact that workers exchange documents when collaborating on projects, makes for a fertile environment for viruses to thrive, he said.

'The biggest virus threat'

Dr. Solomon's, a Burlington, Mass., company that makes anti-virus software, claims that macro viruses will become "the biggest virus threat to computer users worldwide."

Though macro viruses make up only about 50 of about 10,0000 viruses discovered over the past 10 years, they are becoming more common. Dr. Solomon's said that "Concept," the first major macro virus discovered, accounted for 20 percent of all calls to its help line during the first quarter of this year.

The Concept virus, which hides in Microsoft Word documents, doesn't do much - it displays a box on the screen containing the number "1." It also annoyingly forces files to be saved as templates instead of standard documents; that's how it replicates itself.

It was the Concept virus that was hidden in the e-mail message Butler received from a subcontractor and accidentally passed to his colleagues - and to the company president.

It is especially widespread because in August of 1995, software giant Microsoft unwittingly sent out thousands of CD-ROMs that contained it, according to Dr. Solomon's. (Microsoft offers a free fix for the virus at its Web site, http://www.microsoft.com/kb/softlib.)

Macro viruses are not only becoming more common, they are getting more destructive, according to Chris Harget, product marketing manager for McAfee & Associates, the maker of anti-virus software.

The company has discovered at least two that try to delete files on a hard drive.

Besides macro viruses, the other serious security threat comes from browsing the World Wide Web.

Web pages can now contain mini-programs or "applets." These programs or scripts are automatically downloaded and executed on your computer, if your Web browser is programmed to understand them. They add features to Web pages - such as a moving ticker symbol.

But these applets can also be destructive by issuing malicious commands that could cause a computer to erase its own files.

The most popular Web browsers - Netscape Navigator and Microsoft Internet Explorer - have been designed to protect a user against such problems. Nevertheless, security bugs relating to these types of applets have been found in both products.

InteliCom Data Systems, an East Greenwich-based Internet provider, put a warning for customers on its Web site last month after researchers at Princeton University discovered a security flaw with Microsoft's Web browser.

Both Netscape and Microsoft are continually releasing new versions of their software and have fixed the current problems.

"If you're using an up-to-date Web browser, you are usually safe against the known attacks," says a question-and-answer page written by Princeton's "Safe Internet Programming Team."

But the team warns that, of course, you are not safe from security holes yet to be discovered.

To learn more:

The most popular anti-virus software companies offer descriptions of macro and traditional viruses on their Web sites. Some offer trial versions of their software:

Princeton University has assembled a frequently-asked-question file about Web browser security issues at http://www.cs.princeton.edu/sip/java-faq.html

Timothy C. Barmann is a Journal-Bulletin staff writer. His column runs every other Sunday on the On Line page. Send him comments via e-mail at [email protected] or U.S. mail, c/o the Journal-Bulletin, 75 Fountain St., Providence, R.I. 02902.

Copyright (c) 1996 by Timothy C. Barmann. This article is intended for personal viewing only and may not be re-distributed in any form. Please e-mail link requests.
