Bugtraq mailing list archives

Re: Melissa Macro Virus

From: brett () LARIAT ORG (Brett Glass)
Date: Tue, 30 Mar 1999 22:29:40 -0700


Melissa doesn't just infect NORMAL.DOT. It also infects anything you open
after you've opened the infected document. Read the code....

--Brett

At 02:10 PM 3/30/99 +0200, Bronek Kozicki wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There is another kind of protection (and I used it sucesfully in my network
for last few months). Just set NORMAL.DOT read only attribute. When exiting
Word user will be warned with message "unable to save modified Normal.dot" -
he/she then comes to support, and then we know that we have problem. Of
course - normal.dot is placed in user's profile. This is pretty simple kind
of protection against macro-viruses in Word.


Bronek Kozicki

- --------------------------------------------------
ICQ UID: 25404796            PGP KeyID: 0x4A30FA9A
07EE 10E6 978C 6B33 5208  094E BD61 9067 4A30 FA9A

Current thread:

Re: IE 5.0 allows reading and sending local files to a remote, (continued)
- - - Re: IE 5.0 allows reading and sending local files to a remote Andrew Tulloch (Mar 31)
    - Procmail scanning for hostile macros in Microsoft document e-mail John D. Hardin (Mar 31)
    - Excel variant of Melissa Marcel de Haas (Mar 30)
    - Re: Excel variant of Melissa Ken Pfeil (Mar 31)
    - Re: Bug in xfs Roman Drahtmueller (Mar 30)
    - Re: Bug in xfs Matthieu Herrb (Mar 30)
    - Re: Bug in xfs Juha Virtanen (Mar 30)
    - Re: Bug in xfs Alan Cox (Mar 31)
    - [support_feedback () us-support external hp com: Security Bulletins Patrick Oonk (Mar 31)
  - Re: Melissa Macro Virus Bronek Kozicki (Mar 30)
    - Re: Melissa Macro Virus Brett Glass (Mar 30)
    - Re: Melissa Macro Virus Dimitry Andric (Mar 31)
    - Potential vulnerability in SCO TermVision Windows 95 client JJ Gray (Mar 31)
- Re: Melissa Macro Virus Darryl Braaten (Mar 29)
- Re: Melissa Macro Virus Rodefeld, Sonja (Mar 31)