It is 8:00 a.m. on a Friday morning. You only have a few meetings and then a weekend of relaxation. You check your electronic mail as usual, and see that you have 5 new messages. One of these messages, from a stranger, has an attachment included. Out of curiosity you double-click on the link to open the attachment.
DANGER There is now the possibility that you may have infected your computer with a macro virus. Unless you quickly detect and remove the virus you are at risk of (a) spreading the virus to others, and (b) losing your programs and data files.
When computer viruses, which are small program segments attached to programs or data files written to cause damage to files on a local computer first appeared, there were only two types. The first, called a 'program infector,' is a virus that attaches itself to a computer program. The virus is activated when the program is run.
The second kind of virus, a 'system infector,' infects some aspect of the computer operating system (such as command.com or the system master boot record) and is activated whenever the system is run. Both of these kinds of viruses are said to be 'platform-specific,' which means that they will only run on the type of computer (IBM, Macintosh, etc.) for which they were developed.
The year 1995 heralded the appearance of a new kind of virus. "The concept virus" takes advantage of Microsoft Word's macro programming capabilitiesthe option to automate frequently performed operations by recording the commands necessary to execute the taskto infect MS Word documents. Opening the infected document runs the macro and the MS Word application becomes infected. Furthermore, at some point after infection, the virus may exploit the file management capabilities built into MS Word to destroy other files randomly.
The introduction of the 'macro virus' has been especially worrisome for a number of reasons. First, the development of user-friendly electronic mail clients, such as Eudora, makes it very easy for users to exchange documents as binary attachments. Unfortunately, the macro virus is exchanged as part of the attachment. Second, since macro viruses exploit capabilities of the application program, they can be cross-platform. A Word macro virus on an IBM-PC could infect the MS Word application on a Macintosh. Third, in a paper published in Scientific American in November 1997, David Chess (from the IBM Thomas Watson research lab) pointed out that macro viruses are capable of independent evolution through random copying errors as they are distributed. (Although no instances of a macro virus evolving in the wild have yet been found).
Macro viruses are now by far the most common kind of virus, with over 6000 versions currently known. Luckily, a little preparation and knowledge can insulate you from this threat.
It is important to note that your computer cannot become infected with a macro virus unless you open an infected document. Simply reading electronic mail with an infected attached document will not damage your programs or data. To reiterate, your computer cannot become infected with a macro virus when you are simply reading electronic mail. You risk damaging your system and files only when you open an infected document that has been attached to an electronic message.
The first rule of handling an attached file is that you should never, ever open anything sent to you by someone you do not know! You should simply delete the mail and erase the attachmentwithout opening it. Some electronic mail clients, such as Eudora, have a setting to automatically erase attachments when the host mail is deleted. Alternately, you can use your system's file management commands to erase the attachment from the location to which it has been downloaded.
What about attachments sent by friends and co-workers? If the sender's computer is infected, then the infection will pass along to you.
The second rule of dealing with attachments is to always scan them with current commercial anti-virus software before opening them! Commercial anti-virus software is widely available and reasonably priced. When you purchase commercial anti-virus software the manufacturer should provide a way for you to get periodic updates to the 'virus definitions' that are used to identify new viruses. For more information on commercial anti-virus software please see the Penn State Anti-Virus Information web page (http://cac.psu.edu/~santoro/cac/virus.html).
There is also a risk present whenever a URL (a site's World Wide Web address) is received in an electronic message. In some cases, as evidenced by the recent Eudora 4.0/4.01 bug, a java applet, a small program written in the programming language Java, could be attached to electronic mail and its URL embedded in the text of the mail. When the reader selects the URL, the java applet is downloaded, often unknown to the user, and runs on the local computer. If the applet is written to inflict damage, disaster could result (alternately, the URL could point to unwanted and/or offensive material). In general, you should only follow URL's sent to you through electronic mail if that mail is coming to you from someone you know, and when the content of the page is described. This will help you to avoid wasting time with advertisements and other unsolicited attempts to lure you to goods or services.
By far, the best defense against macro viruses is to prepare yourself with awareness and quality anti-virus software tools. Awareness of the threat will lead you to use discretion and to simply erase any unsolicited attachments. A current commercial anti-virus package will allow you to scan any attachments you want to open, to be sure they are safe before doing so.
Finally, be sure to maintain backup copies of your system, application and data files just in case! They will be your only hope for recovery if disaster should strike.
Following are resources for further information regarding macro viruses and computer security:
Penn State Anti-Virus Resource Page
http://cac.psu.edu/~santoro/cac/virus.html
IBM Anti-virus Online
http://www.av.ibm.com/current/FrontPage/
Virus Research Unit
http://www.uta.fi/laitokset/virus/
Microsoft Macro Virus information Page
http://www.microsoft.com/office/antivirus.asp
Illustrations by ClickArt® Animals
& Nature and ClickArt® Business Art by T/Maker Co. All rights
reserved.
