Legion of new viruses approaches

Remember Melissa? Well she has a sister. She doesn't exist yet, she's working on creating herself a new identity. When she's ready... look out.
Written by Will Knight, Contributor

Security consultant and author Bruce Tober believes a legion of new macro viruses, developed using Corel's WordPerfect 9, could soon be causing havoc for millions of computer users world-wide.

The potential danger, says Tober, is due to Visual Basic, a Microsoft programming language that is now part of WordPerfect 9. In its latest incarnation the word processor is selling well, making it an ideal target for attack.

Tober says the problem is potentially compounded by the fact that the new viruses are, in theory, compatible with Microsoft Word, the program of choice for more than 90 percent of the world. He says researchers at Microsoft and independent security companies are as yet unsure how significant cross-proliferation could be. The addition of Microsoft's Visual Basic for Applications (VBA) to Corel's WordPerfect 9 means macro programs may be transmitted between these programs.

A spokesperson for Corel maintains that the risk is virtually eradicated by in-built security measures, but makes no guarantees. "There are always going to be people trying to get around these measures and you can never say this problem will never arise," she says.

Kevin Street, technical expert with Symantec anti-virus, claims the process of interpretation of macro programs between WordPerfect and Word provides a handy stumbling block. "Just because they are compatible, doesn't mean they are in the same language," he says. "In practice it is not an issue because a malicious hacker would need access to the interpreting process on the target's machine. If you have that why bother giving someone a virus?"

Despite Street's confidence that the viruses will not cross from one program to another, Tober believes public understanding of the potential dangers is severely lacking. "If people understood the situation they just wouldn't open attachments anymore," he says. "It's also not enough just to buy an anti-virus program any more. It's not even enough to get it updated once a month. There are two thousand viruses produced every month and really you need to check the vendor's Website every couple of days."

Symantec's Web site was hacked earlier this week.

Macro programs can be embedded within documents to influence the running of applications or even an operating system. They can be sent within an attachment to any email message.

Macro viruses have become a major problem in the last few years, largely because of the volume of people using the same macro-compatible programs as well as the growth in email communication. Two months ago, the Melissa virus -- created using Word macro programs -- hit businesses and individual users, causing unprecedented damage, not to mention widespread panic.

    Macro Attack

  • Hundreds of Office macro viruses and worms currently in existence.
  • Among the simplest hostile programs to create.
  • Other well-known current strains include Papa and Ethan.
  • Anti-virus specialist at Dr Solomon, Lee Fischer, is worried about macro viruses. "We have seen an evolution of macro viruses and, because they are not effective in spreading in themselves, many of them are combining with other viruses to become more efficient."

    Fischer also pointed to Microsoft's failed Java Killer -- Active X -- as a far greater risk than macros in the long term. Active X applets can be embedded within HTML code and can execute programs or even write directly to a system's registry. They can also operate from within an email document opened in Outlook or Eudora -- two of the leading email clients. It is therefore relatively simple for a victim to be tricked into running an Active X applet without realising. "These are going to be a greater problem in the future because Active X functionality has been added to so many programs and because they are so easy to create," says Fischer.
