Re: Melissa Macro Virus

[bronek () wpi com pl (Bronek Kozicki)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is another kind of protection (and I used it sucesfully in my network
for last few months). Just set NORMAL.DOT read only attribute. When exiting
Word user will be warned with message "unable to save modified Normal.dot" -
he/she then comes to support, and then we know that we have problem. Of
course - normal.dot is placed in user's profile. This is pretty simple kind
of protection against macro-viruses in Word.


Bronek Kozicki

- --------------------------------------------------
ICQ UID: 25404796            PGP KeyID: 0x4A30FA9A
07EE 10E6 978C 6B33 5208  094E BD61 9067 4A30 FA9A



- -----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () NETSPACE ORG]On Behalf Of Brett Glass
Sent: poniedzia³ek, 29 marca 1999 06:18
To: BUGTRAQ () NETSPACE ORG
Subject: Re: Melissa Macro Virus


No. This key would only prevent the 50-message burst of e-mail. However, the
user's NORMAL.DOT template would still be infected. So would every document
he or she opened or created. And the moment one of those documents hit
a machine without the key that had Outlook running.... Blammo! Another salvo
of messages.

- --Brett

At 12:25 PM 3/27/99 +0000, Matthew Kirkwood wrote:
> On Fri, 26 Mar 1999, Nate Lawson wrote:
>
> > 2.  See if machine is already infected
> >     Check HKCU\Software\Microsoft\Office\Melissa? for the string "... by
> > Kwyjibo"
>
> Surely just adding this key would provide effective safety?  (Until
> modified versions hit the streets, anyway - ain't "open source" great
> :)
>
> Matthew.


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBNwCxGr1hkGdKMPqaEQJBQQCg587thcxdR8CjaIxbo8UCayaN8EwAn3br
5s8HsoKmXblkIaaRd1+TBbm0
=9CNL
-----END PGP SIGNATURE-----