What to do if a virus attacks Most infection scares are exaggerated

Your computer

March 09, 1997|By MIKE HIMOWITZ

I SPEND a lot of time recounting tales of woe from friends and readers, but this one is my own.

Naturally, it happened at the worst possible time. With a business trip scheduled the next day, I was trying to finish off a dozen little jobs, including a presentation for the conference I was attending. This involved copying a lot of files between two different desktop computers and a laptop machine.

I copied a couple of Microsoft Word files from a new computer running Windows 95 and opened them using my regular desktop machine, which was running Windows 3.1.

I knew something was wrong when it took a long time for the file to open. When it did, I saw a strange little error box. After that, I couldn't save it as a normal word processing document.

Since I experiment with a lot of hardware and software, I'm used to weird things happening, so I didn't think much of it.

The document looked OK, so I closed it, copied it to floppy disk and used the floppy to copy it to the laptop. Fortunately, the

laptop had an anti-virus program running in the background. It popped up a box informing me that my files were infected with the "Concept Virus" and the "Payload Virus."

Great. A twofer. And I'm infecting the whole world.

If you've never encountered one of these monsters, a virus is a malicious little piece of software, usually spread by floppy disks or networks, that hides in a specific program or in your operating system itself.

It may do its thing right away, or wait for a specific date or time to spring into life, at which point it does something you really don't want it to do.

It may be relatively harmless, like the "Cookie Monster," which fills your screen with the phrase "Give me cookie" until you type the word "cookie."

Or it may do something really nasty, such as delete the operating system or trash your hard disk completely. The guys who write these things have a very hot corner in Hell reserved for them.

That said, I thiznk most virus scares are overblown.

In 14 years of computing before this little disaster, I'd never been infected. But then, I'm careful about what I allow my computer to eat. I use an anti-virus program to scan my hard disk from time to time, but I don't usually leave a virus checker running in the

background because they're just as likely to crash a computer as they are to find viruses.

In this case, the laptop came with a virus checker installed, and since I don't use the computer much, I'd never bothered to turn it off.

What bit me was a relatively new and particularly invidious kind of bug known as a "macro" virus.

Unlike earlier viruses, which could be carried only in programs, macro viruses travel in normal word processing or spreadsheet documents. They take advantage of the fact that Microsoft Word (the primary target) and other popular applications have built-in programming languages that allow power users to automate various jobs.

These mini-programs, called macros, can be as simple as a few recorded keystrokes that insert boilerplate text into letters, or complete applications that can handle invoicing, billing, communications and other functions.

While macros are wonderful tools in the right hands, they also give malicious hackers a backdoor into your system.

When you open an infected document, the macro starts running. The first thing it usually does is infect the basic "template" files that Word uses as the basis for new documents.

That means any file you create or open after that will be infected by the macro. Some macro viruses will seek out all the Word files on your disk (or entire network) and infect them, too.

Every time you send an infected Word file to someone else who opens it using Microsoft Word, that person's copy of Word is infected, too.

In a business environment where Microsoft Word files are passed around every day over networks or through electronic mail, it doesn't take long for a single infected letter to spread the virus throughout a company -- or across the Internet to thousands of others.

Since they first appeared about two years ago, more than 200 different macro viruses have been identified for Microsoft Word alone.

One of the latest, called "ShareFun," extends its reach to Microsoft Mail, generating electronic mail messages to people randomly selected from your address book. The message carries the heading, "You've got to read this," and attached to the message is an infected Word document. If the recipient opens it using Word (as opposed to a generic file viewer), he's infected, too. Nasty.

After a while, I figured out that I picked up my virus from the copy of Word on the new computer, which had passed through a couple of hands before I got it.

So I logged onto Microsoft's World Wide Web site and found an antidote file. It was actually another another Word macro that can identify and purge common macro viruses and alert you in the future when a file you're opening contains suspicious code.

All of this disinfection took an hour or two that I didn't have -- and if the guy who wrote these viruses is ever captured, I'm going to lobby for a bill that restores drawing and quartering as a legal form of punishment.

I'm also going to update my virus checker and run it more frequently.

If you share files at all, you should get a virus checker, too. Luckily, you have a choice of excellent programs, including the Norton Antivirus (http: //www.symantec.com), McAfee's Viruscan (http: //www.mcafee.com) and, and Dr. Solomon (http: //www.drsolomon.com).

Whatever virus-checker you buy, make sure it can search out and destroy macro viruses, and log on to the publisher's Web site after you buy it to get the latest update. You can't be too careful.

Pub Date: 3/09/97

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.