Web "Bugs" in your office documents

Tiny images embedded in Word 2000, Excel 2000, or PowerPoint 2000 can trace who's reading what and where via the Internet.
Written by Peter Deegan, Contributor and Woody Leonhard, Contributor

Richard Smith, Internet security guru extraordinaire, has done it again.

He's found that it is possible to embed "Web bugs" in Office documents. These bugs allow the author of a document to track, via the Internet, where the document is being read. They provide a way to monitor leaks of confidential documents from an organization or trace copyright violations.

It is also possible to place these tracers in individual paragraphs and see when text is copied from one Word document to another.

What he's uncovered is actually so simple, it's amazing someone has not realized this before. It's long been known that Web sites can use a tiny (1 x 1 pixel) image link to another site as a way to track your surfing habits and place cookies on your computer. This is a common system for advertising services on the Net.

Richard has realized that the same thing can be done in Word 2000, Excel 2000 and PowerPoint 2000 documents. An external link to a tiny image inside a document will cause the document to reach out to the Internet each time the document is opened to get that image.

Since it's only a 1x1 pixel, you won't notice the download time, but along with that pixel could come a cookie. In addition, the action of getting the image from the Internet necessarily sends your computer's IP address and host name (as in www.FoobarCorp.com).

If you copy a paragraph with the image link inside it, the link gets copied as well. By putting links in key paragraphs throughout a document, an author can detect when even part of the document is copied.
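As an added example (not from the advisory or from this article), here is one way to audit a saved document for such links before opening it: scan the raw bytes for linked-picture fields that point at a remote URL. It assumes the link is stored as an INCLUDEPICTURE field whose text appears in the file as 8-bit text or UTF-16LE; the function names and sample hosts are made up for illustration.

```python
import re
import sys
from urllib.parse import urlsplit

# Assumption (not from the article): a linked picture is stored as an
# INCLUDEPICTURE field, and its instruction text sits in the file either as
# 8-bit text or as UTF-16LE. HYPERLINK fields are ignored because they only
# fetch when clicked, not when the document opens.
# The URL class is printable ASCII minus the quote, backslash and brackets.
FIELD = re.compile(r'INCLUDEPICTURE\s+"?((?:https?|ftp)://[!#-Z^-~]+)', re.I)


def find_remote_pictures(data: bytes) -> list[tuple[str, str]]:
    """Return (url, host) for every linked picture that points off-machine."""
    views = (
        data.decode("latin-1"),                          # 8-bit text
        data.decode("utf-16-le", errors="replace"),      # UTF-16LE, even offset
        data[1:].decode("utf-16-le", errors="replace"),  # UTF-16LE, odd offset
    )
    found: list[tuple[str, str]] = []
    for text in views:
        for match in FIELD.finditer(text):
            url = match.group(1)
            hit = (url, urlsplit(url).hostname or "")
            if hit not in found:
                found.append(hit)
    return found


def constructed_sample() -> bytes:
    """Constructed bytes imitating field text; not a real Office file."""
    ansi = b'\x13 INCLUDEPICTURE "http://tracker.example/p.gif?doc=42" \\d \x14\x01\x15'
    link = b'\x13 HYPERLINK "http://www.example.org/" \x14click\x15'
    wide = '\x13 INCLUDEPICTURE "http://bugs.example/1x1.gif" \x14\x01\x15'
    return b"\xd0\xcf\x11" + ansi + link + wide.encode("utf-16-le")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = constructed_sample()
    for url, host in find_remote_pictures(blob):
        print(f"remote picture link: {url} (host {host})")
```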

The complete advisory is available at the Foundation's Web site. Also available is a "bugged" document for Word 97 and Word 2000.

Microsoft's response, to date, has been typical — i.e., poor. They've had most of August to respond and let their customers know of this implication of the Office design. Instead there's been nothing.

It's true that this tracing system has not been used in Office documents to anyone's knowledge so far. But that doesn't remove Microsoft's responsibility to notify their many customers of this previously unknown potential in Office 2000.

There's no real way to stop these "bugs" from working at present. You can disable cookies, but that's a nuisance for many of us and doesn't totally remove the ability to trace use of a document.
