This virus can NOT be spread by any H-Net messages or files.
(That's because we only send out ascii files, which are safe, and
we never send "binary" files.)
But such a virus theoretically could be spread by people who send
WORD files to each other indiscriminately.
If you exchange MS WORD (version 6.0) files with people,
please read the precautions. If you use Word Perfect, Word Star,
or earlier version of WORD you are safe.
Fortunately, this particular virus causes no real damage and is
not yet widespread. Unfortunately, the "macro" feature of WORD
does allow for vandals to easily easy create harmful viruses, and
someday there may be one. H-Net will promptly provide
information as it becomes available. Please be careful about
warning others: the computer world if full of virus "hoaxes" that
cause great fear and confusion. This virus is real, but it is
too early to say if it is a serious problem. To our knowledge no
H-Net user has actually seen this virus.
H-Net Staff.
-----------------TULANE ALERT on MS WORD VIRUS -----------------
Microsoft Word Macro Virus Information
A virus that infects Microsoft Word documents and templates has recently
been discovered. The Word Macro virus is the first instance of a virus
type that resides in documents instead of executable program files, and
can spread to different operating system platforms. The Word Macro virus
spreads by modification of data in files (Mircrosoft Word documents).
Any systems that are capable of running Microsoft Word 6.0 can be affected
by the Word Macro virus. Transfer of files between systems can spread the
virus. Thus, transferring Word files between Macintosh, DOS, OS/2,
Windows, NT, or other platforms can spread the virus.
The Word Macro virus does not cause data loss or any other serious system
corruption, but is an annoyance. The Microsoft Word "Save As" command on
affected systems will cause documents to be saved as templates, which will
contain the macro.
The first time that an infected document is opened on a system, a dialog
box containing only the number "1" and an "OK" button will be displayed.
The virus adds several new macros to the global macro pool: "AAAZA0",
"AAAZFS", "Payload", and "FileSaveAs". The virus is activated in an
infected file when you choose the "Save As" feature in the "File" menu.
The altered macros are then saved with the file, and may be saved in the
global template file as well.
You can determine if your system is infected with the Word Macro virus by
examining the defined macros for a file to determine if any of the
identified suspicious macros are present. Select "Macro" from the "Tools"
menu within Microsoft Word, and examine the list for any of the macro
names identified above.
Users of MIME-compliant mailers such as Eudora, or WWW browsers such as
Netscape, should also be careful. Users who have these types of
applications configured to recognize Microsoft Word documents and
automatically start Word may also allow the virus to be reintroduced into
systems via mail or a WWW page. You should use such automatic execution
with caution.
MORE INFORMATION
One of the best descriptions of the virus is available from IBM's WWW
server: <http://www.research.ibm.com/xw-D953-wconc>.
Microsoft has made software available to counter the virus, obtainable
via the WWW from
<http://www.microsoft.com/kb/softlib/mslfiles/mw1222.hqx>
and via ftp from
<ftp://ftp.microsoft.com/softlib/mslfiles/mw1222.hqx>.
Further questions about the virus and Microsoft Word 6.0 should be
directed to Microsoft technical support. Queries about their plans to
prevent future such viruses should also be directed to Microsoft technical
support.
Tom Gerace
Manager of User Services
Tulane University Computer Center
-------end of message--------
--