
Melissa Virus

We've all heard a lot about "Melissa," the Microsoft-based macro virus that's been playing hell with POP3 servers around the world.  It's really a pretty simple concept, though...

Basically, Melissa takes advantage of the new, more powerful macro language that Microsoft has placed in its new Office suites (97 and up).  The macros can be written in either Visual Basic or the Office proprietary system, and here's the kicker -- your macros can interact with other Microsoft products.

All that accused virus creator Smith did was exploit this obvious security flaw. Basically, he ordered Microsoft Office to do the following:

  • Modify the default document template to include the Melissa virus
  • Ask Office to send emails, with the open document attached, to the top 50 entries in Microsoft Outlook's address book.

This kind of virus isn't new -- macro viruses have been around for years.  The new part about it is the handholding between the Microsoft programs, which allows a brand new level of vulnerability for everyone around.

The reasoning behind the handholding is quite simple, and even logical.  Macros are supposed to automate annoying tasks that you perform repetitively.  For instance, if you want to attach a unique address to the front of a hundred form letters, you can write a macro to do that for you.

The problem appears when the macros start to send emails for you, though... Or when the macros will interact with your hard drive for you.  The problems with both of those scenarios are obvious -- and it's only a matter of time before someone exploits them again.

Microsoft can implement a (relatively) simple fix to this, though.  We all know about their unique tracking number -- each instance of Microsoft Office has a unique number that's attached to every document created. 

All Microsoft has to do is modify the macro system so that you can only run macros created by you.  Additionally, they can allow you to add computers you trust -- and allow you to run macros created by them.

This way, a problem like that exhibited by Melissa could be avoided.  Listening, Microsoft?
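A sketch of the check proposed above, as an added example that is not Microsoft's or OSAll's code. It goes one step beyond the article: a bare ID number stored in a file can be copied, so the ID is bound to the macro text with an HMAC. The class names, the per-installation keys and the sample IDs are all assumptions made for the demonstration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    creator_id: str         # stand-in for the per-installation Office number
    macro_source: str = ""  # empty string: the document carries no macros
    tag: str = ""           # HMAC-SHA256 of macro_source (assumed, not an Office feature)


def sign_macros(key: bytes, macro_source: str) -> str:
    """Tag macro text with the creating installation's key."""
    return hmac.new(key, macro_source.encode(), hashlib.sha256).hexdigest()


class MacroPolicy:
    """Enable macros only if created locally or by a computer the user trusts."""

    def __init__(self, local_id: str, local_key: bytes):
        self._keys = {local_id: local_key}

    def trust(self, creator_id: str, key: bytes) -> None:
        self._keys[creator_id] = key

    def decide(self, doc: Document) -> str:
        if not doc.macro_source:
            return "open"
        key = self._keys.get(doc.creator_id)
        if key is None:
            return "open, macros disabled: unknown creator"
        if not hmac.compare_digest(sign_macros(key, doc.macro_source), doc.tag):
            return "open, macros disabled: creator ID not authenticated"
        return "open, macros enabled"


def demo() -> list:
    # Constructed sample data: IDs, keys and macro text are invented.
    policy = MacroPolicy("ID-LOCAL", b"local-key")
    policy.trust("ID-COLLEAGUE", b"colleague-key")
    macro = "' placeholder: prepend an address to a form letter"
    docs = [
        Document("ID-LOCAL", macro, sign_macros(b"local-key", macro)),
        Document("ID-COLLEAGUE", macro, sign_macros(b"colleague-key", macro)),
        Document("ID-STRANGER", macro, sign_macros(b"stranger-key", macro)),
        Document("ID-LOCAL", macro, "00" * 32),  # copied ID, no valid tag
        Document("ID-STRANGER"),                 # no macros at all
    ]
    return [policy.decide(d) for d in docs]
```

The decision is only as good as the trust list: macros written on a listed computer are enabled no matter who mailed the document.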


All content copyright 1998 - 99 unless book covers or otherwise noted.  Book covers copyright 1998 - 99 Amazon.com.  All OSAll-owned content may be reprinted with the following header added: "Copyright 1998 - 99 Owl Services.  Visit aviary-mag.com for computer security news and information."  Article authors retain a non-exclusive right to republish their work.