Fun_People Archive
21 Feb
MS Mail Virus

Content-Type: text/plain
Mime-Version: 1.0 (NeXT Mail 3.3 v118.2)
From: Peter Langston <psl>
Date: Fri, 21 Feb 97 16:29:34 -0800
To: Fun_People
Subject: MS Mail Virus

Forwarded-by: "Jack D. Doyle" <doylej@peak.org>

http://www.news.com/News/Item/0,4,8134,00.html

	Macro virus afflicts MS Mail
	By Janet Kornblum
	February 20, 1997, 2:30 p.m. PT

This virus is no hoax.

McAfee has found a new macro virus that will randomly send mail from people
who use Microsoft MS Mail, a company email system.

Internet bulletin boards are filled with dire warnings about email that will
infect your computer with viruses that will then destroy data and send nasty
email out to everyone in your email program. Those are hoaxes. This one
isn't.

Before you panic: "ShareFun," as it's called, is easily detectable and
preventable. Like all viruses transmitted through email, it is sent through
an email attachment. To get it, the user must execute t--usually by
double-clicking on the attachment icon within the email.

Most virus-savvy people won't open attachments unless they know who sent
them. And there lies the danger in this particular virus. By definition, it
always comes from someone you know, so you're more likely to trust it when
you get it. "That's part of the problem in all this," Jimmy Kuo, director
of antivirus research for McAfee, said today. "You receive it from a
friend."

McAfee learned about the virus through a customer. A large multinational
corporation suspected its email system was infected.  Kuo discovered they
were right. Here's the way it works, he explained: You receive an email from
a friend with a subject line reading "You have GOT to see this!"

When you open the email message it is blank. You see there is an attachment
so you double-click on it. When your computer launches Microsoft Word to
read the attachment, the virus is launched.

The virus then has a one-in-four chance of going back to the MS Mail program
and automatically sending out new messages with attachments of itself to
three people on your nickname list.

Whether it sends the email the first time, each time you open Microsoft
Word, the virus is launched again. Again, it has a 25 percent chance of
sending itself out through your email, Kuo said. The security risk inherent
in the virus is that every time it sends out email, it will send it out
whatever document you happen to be working on at the time.  In other words,
you could be working on a sensitive document that would be automatically
launched to three people in your email program.

The virus just reinforces the need to be careful about what programs you
execute and how you execute them. "With the increase in shared files and
sending documents back and forth, people need to always be careful when
opening documents," said Tom Williams, Microsoft product manager for Office.
MS Mail, he added, is being phased out and replaced with Microsoft Exchange,
so it isn't as prevalent. However, he could not say how many offices use MS
Mail.

Williams encouraged users to follow the rules of safe computing: Be careful
and also to make use of built-in protections. Word 97 has a built-in
function that will detect any macros--whether or not they are viruses. Those
who don't have Word 97 can nevertheless download the function. He also
recommended a good virus protection program.

Although this virus happened to hit MS Mail, the fact is, it could have hit
any email program. Macro viruses are incredibly simple to write.  "This is
an industrywide problem," Williams said. "Because Microsoft products are
the most prevalent, it's most often heard about through Microsoft products,
but everyone needs to be concerned about spreading viruses and protecting
themselves.

	Copyright ' 1995-97 CNET, Inc. All rights reserved.
prev [=] prev © 1997 Peter Langston []