-=> Quoting Julian Yap to Todd Copeland <=-
TC> JD's statement is correct. If a macro is executed by Word then more
TC> then reading a message is being done. Simply reading the document
TC> CANNOT activate a virus.
JY> Ever heard of the AUTOOPEN macro and various other auto-executable
JY> macros in Word? Simply reading a document CAN activate a virus in
JY> Word.
Actually, you're wrong. READING a document cannot execute the macro.
If you open the document in Word, and allow the macros to execute, they will
run and (depending on the macro) infect your NORMAL.DOT file, and other
iles.
If you READ it in anything other than Word, it will not infect you. Word
itself is the infector, and it's just interpreting the macros and executing
them.
The simple way around this is to hold when opening a document
in Word. This will disable AutoXxxx macros. You have to make sure you also
aren't running AutoClose macros as well. I delete all macros from all
documents that I get, after making copies of them to study.
We get around 4-500 infected documents per day where I work, and we
are using F-Macro to scan them all. They come in via cc:Mail and other
methods, so I would consider myself a little more of an authority on them
han
most (except Mikko and Vesselin ;). I've been writing some tools that have
been very effective in eliminating them from Word itself. I'll be releasing
them soon.
TC> It's the same thing with computer code. Reading it will not activate a
TC> virus but launching it will.
JY> Yes, that's is true with computer code though.
Remember, Word is the environment, not Windows, Mac, etc. You have to
RUN the macros in Word to infect. It's JUST like a regular virus. You have to
actually EXECUTE something.
-The Visionary
visionary@brazerko.com
... I didn't write this; a very complex macro did.
--- WtrGate+ 0.93.PRE6 beta sn 116
---------------
* Origin: hacker heaven bbs - #include (1:320/2600)
|