Big Brother Awards
quintessenz search  /  subscribe  /  upload  /  contact  
/q/depesche *
/kampaigns
/topiqs
/doquments
/contaqt
/about
/handheld
/subscribe
RSS-Feed Depeschen RSS
Hosted by NESSUS
<<   ^   >>
Date: 1999-03-30

Melissa mutiert: Excel Macro-Virus aufgetaucht


-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

q/depesche 99.3.30/1
updating 99.3.29/1

Melissa mutiert: Excel Macro-Virus aufgetaucht

Die Schäden durch die Melissa-Epidemie sind noch nicht
einmal aufgenommen, da treten schon die ersten Mutationen
in Form von Excel-Macros auf, die nicht anhand der für
Melissa typischen Eigenschaften zu identifizieren sind.

Inzwischen ist auch klar, dass der MS-Outlook Mailer nicht
einmal in Verwendung stehen muss, er braucht nur
konfiguriert zu sein, um Melissa automatisch zu verbreiten.
Desgleichen wird ab Infektion jedes Word-Dokument
automatisch Melissa-Überträger, der Virus nistet sich
nämlich in der Vorlage Normal.dot ein.

Soviel Aufregung, dabei sind weder das Original noch die
Mutationen auf echt böse Wirkung programmiert.

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
The Melissa virus is already mutating into more destructive
variants, confirming the worst fears of computer security
experts

One incarnation of the virus spreading around the Internet
does not contain the "Important Message From" subject line
that has identified Melissa. Yet another version employs an
Excel macro which would similarly bypass barriers put in
place over the weekend by network administrators.
...
"It looks like these guys -- the virus writers -- are trying to
one-up each other," said Dan Schrader, director of product
marketing at Trend Micro, an anti-virus software firm.

After the virus began circulating around the Internet on
Friday, IT managers worked furiously to block its spread,
filtering out e-mails with the original subject line. But now
they'll need to go back to the drawing board because the new
variants could bypass protections already put in place.

What's more, computer security experts warn that the
Melissa clones could easily be created to carry more lethal
payloads.

Above all, they say that it wouldn't be hard to create a variant
of Melissa that uses MAPI, an e-mail standard, to create a
virus that spreads by co-opting functions in all e-mail
programs. The original Melissa just targets Microsoft's
Outlook mail software.
....
The most devious -- if not original -- aspect of "Melissa" is
how it infects. If the user has Microsoft's Outlook mail client,
the macro sends the document to the top 50 addresses in
user's address book, appending the subject line "Important
Message From" and then the username of the apparent
sender. The body of the message has the text, "Here is the
document that you asked for -- don't show anyone else ;-)"
and the current file is attached. Since the first 50 addresses
in Outlook databases tend to be e-mail groups, the virus can
spread to hundreds of users at a time.

There's a risk even if the user does not normally use Outlook.
Security experts say that as long as Outlook is set up to
send mail on the user's system, the infected documents will
get sent. In addition, the default Word template -- which acts
as the basis of every new document that the user creates --
will get infected with the virulent macro code. Subsequent
Word documents created by the user will also contain the
virus.
....
Already, a variant with a blank subject line has emerged on
the Internet, according to Trend Micro Inc. Another one, using
an Excel macro to spread was posted on the news group
alt.bondage and is contained in a message labeled "Urgent
info inside. Disregard macro warnings."

An early look at Excel variant indicates it used an e-mail
standard known as MAPI to manipulate several different
messaging software programs, not just Outlook, as Melissa
does. Also, opening the spreadsheet triggers 60 e-mails to a
user's address book, ten more than the Melissa virus.

full text
http://www.zdnet.com/zdnn/stories/news/0,4586,2233667,00.html

-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
"There is no solution because there is no problem" Marcel Duchamp
http://www.heimatseite.com/revamp-duchamp
-.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-

- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
edited by Harkank
published on: 1999-03-30
comments to office@quintessenz.at
subscribe Newsletter
- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.- -.-. --.-
<<   ^   >>
Druck mich

BigBrotherAwards
Live Stream


25. Oktober 2021
freier Eintritt
#BBA21
Big Brother Awards Austria


 CURRENTLY RUNNING
q/Talk 1.Juli: The Danger of Software Users Don't Control
Dr.h.c. Richard Stallman live in Wien, dem Begründer der GPL und des Free-Software-Movements
 
 !WATCH OUT!
bits4free 14.Juli 2011: OpenStreetMap Erfinder Steve Coast live in Wien
Wie OpenStreetMaps die Welt abbildet und was ein erfolgreiches Crowdsourcing Projekt ausmacht.