TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
For two decades, technical communicators have turned to TechWhirl to ask and answer questions about the always-changing world of technical communications, such as tools, skills, career paths, methodologies, and emerging industries. The TechWhirl Archives and magazine, created for, by and about technical writers, offer a wealth of knowledge to everyone with an interest in any aspect of technical communications.
Government departments and other users of Microsoft Word? Version 6 have
experienced widespread infections of their
systems (i.e Word) with unauthorized macros. One infected, all
subsequent documents created are corrupted with these
macros. Clean systems are infected simply by "opening" an infected
document. These macros meet the definition of
viruses due to their parasitic ability to infect and replicate. These
macros will only affect Word users and do not infect
other word processing systems.
The problem has developed due to the upgraded power of the WordBasic
macro language which was implemented in
Word Version 6 to give users "increased functionality". In order to
compete, other Word processing, Spreadsheet or Mail
packages may implement similar (or even compatible) functionality. The
macro viruses found to date have been named
DMV, Concept, Nuclear and Colors.
Symptoms include users noticing unknown/unauthorized macros (eg. AAAZAO,
AAAZFS, AutoOpen, Payload etc.)
installed in their Normal.dot (global template) file. These macros then
attach themselves to all subsequently saved
documents and get passed (or mailed) from user to user. The Colors
macros reportedly will randomly change a system's
colour settings (in the windows.ini file) after an internal counter
Many Ant-Virus software developers and Microsoft have attempted to
provide interim solutions. Currently these solutions
involve installing preemptive macros in your system to detect the
presence of executable or malicious macros in your
documents. These tools are available from sites on the Internet or on
the Technical Security Services, Bulletin Board
System in the Virus Files directory. SEIT recommends the implementation
of the latest Microsoft solution. In our
opinion, the problem is compounded by the design of their products and
licensed users should pressure them to provide
adequate solutions. As well, Antivirus software can now be updated with
new drivers or customized signature string files to
detect these known macros. Licensed users should implement these and now
habitually scan their Word documents.
It should be noted that SEIT has received several advisories on the new
macro virus named Colors. No actual reports of
this particular infection have been received from client departments, so
it may be having problems replicating. If the
details are correct however, the solutions referenced above do not
apparently prevent infections of this virus. Developers
are undoubtedly working on updates to their fixes. F-Prot and Dr.
Solomons and others have signature strings to detect it.
As more details are substantiated, notices will be posted on the BBS.
This information is from the developers of F-prot.
Bruce Conway, B.A. (Math/Pol Sci) - Tech Writer/Communicator
Society for Technical Communication (STC)
Vancouver Island Adv. Technology Centre