Tiny images embedded in Word 2000, Excel 2000, or PowerPoint 2000 can trace who's reading what and where via the
Richard Smith, Internet security guru extraordinaire, has done it again.
He's found that it is possible to embed "Web bugs" in Office documents. These bugs allow the author
of a document to track via the Internet where a document is being read. It provides a way to monitor leaks of confidential
documents from an organization or trace copyright violations.
It is also possible to place these tracers in individual paragraphs and see when text is copied from one Word
document to another.
What he's uncovered is actually so simple, it's amazing someone has not realized this before. It's long been
known that Web sites can use a tiny (1 x 1 pixel) image link to another site as a way to track your surfing habits
and place cookies on your computer. This is a common system for advertising services on the Net.
Richard has realized that the same thing can be done in Word 2000, Excel 2000 and PowerPoint 2000 documents.
An external link to a tiny image inside a document will cause the document to reach out to the Internet each time
the document is opened to get that image.
Since it's only a 1x1 pixel, you won't notice the download time, but along with that pixel could come a cookie.
In addition, the action of getting the image from the Internet necessarily sends your computer's IP address and
host name (as in www.FoobarCorp.com).
If you copy a paragraph with the image link inside it, the link gets copied as well. This makes it possible
to detect even if part of a document is copied by putting links in key paragraphs throughout a document.
The complete advisory is available at the Foundation's
Web site. Also available is a "bugged"
document for Word 97 and Word 2000.
Microsoft's response, to date, has been typical — i.e., poor. They've had most of August to respond and let
their customers know of this implication of the Office design. Instead there's been nothing.
It's true that this tracing system has not been used in Office documents to anyone's knowledge so far. But that
doesn't remove Microsoft's responsibility to notify their many customers of this previously unknown potential in
There's no real way to stop these "bugs" from working at present. You can disable cookies, but that's
a nuisance for many of us and doesn't totally remove the ability to trace use of a document.