Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
by
Scott J. Shapiro
And releasing a “harmless” macro virus such as Winword.Concept is irresponsible. Gordon faulted universities for their lack of leadership. She especially disapproved of programming classes using virus code in homework assignments. This behavior legitimates hazardous upcode. “Whether we like it or not, our own actions and words communicate to the next generation what is acceptable socially, ethically, and legally and what is not. By our actions, or lack thereof, today, we ourselves are creating the virus writers of tomorrow.” Melissa, ILOVEYOU The first major macro virus to exploit Microsoft Word’s internet capabilities was Melissa, named after a Miami stripper whom David Lee Smith, a thirty-year-old virus author from northern New Jersey, knew.
…
antivirus protection wasn’t very useful: As Vesselin Bontchev argued, users don’t run one another’s macros, so it made little sense to let users run untrusted macros. Macro viruses declined rapidly when Microsoft switched the default to executing only digitally signed macros: Vesselin Bontchev, “The Real Reason for the Decline of the Macro Virus,” Virus Bulletin, January 1, 2006, https://www.virusbulletin.com/virusbulletin/2006/01/real-reason-decline-macro-virus/. repeatedly executed the virus: Nick FitzGerald, “Throwback Thursday: When Love Came to Town,” Virus Bulletin, ed. Martijn Grooten, June 2000, www.virusbulletin.com/virusbulletin/2015/05/throwback-thursday-when-love-came-town-june-2000.
…
When a user clicked on a Word document, Word automatically ran any macros embedded in the document. Thus, when a user opened a file infected with Winword.Concept, Word would execute the virus. The virus did only one thing: it appended a copy of itself to Word’s File Save As function. Anytime the user saved a file, Word would inject Winword.Concept into the document it was saving. The macro virus also contained a payload, but the payload was harmless. It simply contained a remark saying “That’s enough to prove my point”—the point being how easy it is to use macros to create viral malware. Word Basic’s utility was also its vulnerability. By allowing users to create miniprograms that can copy files, it allowed users to create miniprograms that can copy themselves.
Microsoft Office Outlook 2010 QuickSteps
by
Malestrom
Click OK twice to close the Trust Center and Outlook Options dialog boxes. viruses can be implanted in macros. This is a common 5 way for viruses to be spread. Outlook’s macro security simply disables macros that are not from secure or trusted sources, thus reducing the likelihood of getting a macro virus. By default, Outlook disables macros that are unsigned and warns you about signed 6 macros. You can change those settings if you wish. 1. Click File and click Options. In the Outlook Options dialog box that appears, click Trust Center, and then click Trust Center Settings. 2. In the Trust Center dialog box, click Macro 7 Settings in the left column. 3.
…
In the Outlook Options dialog box that appears, click 10 Add-Ins. A list of installed add-ins will appear, as shown in Figure 8-13. 184 184 Microsoft Office Outlook 2010 PC QuickSteps Getting to QuickSteps Know Your PCManaging Files and Folders 1 2 CAUTION Keep in mind that Outlook only helps reduce the likelihood of a macro virus; it is not a full antivirus 3 program. You should install and use antivirus software on your computer. Visit www.mcafee.com or www.symantec .com to learn more about antivirus programs. 4 5 6 Figure 8-12: It is unlikely that you will want to encrypt and/or digitally sign all your mail, but you may want to encrypt individual messages in the e-mail message window. 2.
Secrets and Lies: Digital Security in a Networked World
by
Bruce Schneier
Published 1 Jan 2000
These are written in scripting languages and infect data files rather than programs. Many word processors, spreadsheets, and database programs have scripting languages. These scripts, sometimes called macros, are used to automate tasks and are stored with the data. People have written viruses using these scripting languages. The first Microsoft Word macro virus, “Concept,” was first observed in the wild in 1995; they existed in the Emacs text editor as early as 1992. These viruses can spread much more quickly than the others can, because people exchange data more often than they exchange programs. And as e-mail, collaboration, and file transfer software become easier to use, they will spread even faster.
…
Companies release them within days of learning of a new virus. And as long as viruses propagate slowly, this is good enough. Most antivirus software automatically updates itself once a month. Until 1999, that was good enough. E-mail propagation changed everything. The year 1999 gave us the Melissa Microsoft Word macro virus and the Worm.ExploreZip worm, and 2000 gave us the ILOVEYOU worm and its dozens of variants, but there are many others. This type of malware arrives via e-mail and uses automatic e-mail features in software to replicate itself across the network. They mail themselves to people known to the infected host, enticing the recipients to open or run them.
…
There’s an easy implementation in Windows: A malicious macro could simply watch for PGP’s “open file” dialog, see what file Alice is about to sign, and copy its own file to that filename, then restore the old file afterward. Word’s macro language can do this, so it could easily be a payload for a Word macro virus. And that’s just one example. The Trojan horse could sign both documents and transmit the embarrassing signature at some opportune time. Or it could just steal Alice’s private key. Nothing here is difficult; the programming is easy. In any case, if we are successful we could have possession of a damaging document, signed by Alice.
The Art of UNIX Programming
by
Eric S. Raymond
Published 22 Sep 2003
The strength of an operating system's internal boundaries is not merely an abstract issue of design: It has important practical consequences for the security of the system. To design the perfect anti-Unix, discard or bypass memory management so that a runaway process can crash, subvert, or corrupt any running program. Have weak or nonexistent privilege groups, so users can readily alter each others' files and the system's critical data (e.g., a macro virus, having seized control of your word processor, can format your hard drive). And trust large volumes of code, like the entire shell and GUI, so that any bug or successful attack on that code becomes a threat to the entire system. File Attributes and Record Structures Unix files have neither record structure nor attributes.
…
Microsoft Word macro viruses show how this sort of thing can become actively dangerous, a security hole that costs billions of dollars in downtime and lost productivity annually. It is instructive to note that despite the existence of at least twenty million Unix users worldwide[95] there has never been any Unix equivalent of Windows's frequent macro-virus outbreaks. There are a number of reasons for this, including the fundamentally better security design of Unix; but at least one is the fact that Unix mail agents do not default to executing live content in any document that the user views.[96] If there is any way that your application's users might end up running programs from untrusted sources, risky features of your application minilanguage might end up having to be suppressed.
Protocol: how control exists after decentralization
by
Alexander R. Galloway
Published 1 Apr 2004
Tactical Media 183 Morris should go to prison, and, as the magazine testified, “most of those who said ‘Yes’ to the prison question added something like, ‘only a minimum security prison—you know, like the Watergate people vacationed at.’”29 Thus while not unnoticed, Morris’s worm was characterized as a mistake, not an overt criminal act. Likewise his punishment was relatively lenient for someone convicted of such a massive infraction. Ten years later, in 1999, after what was characterized as the largest Internet manhunt ever, a New Jersey resident named David Smith was prosecuted for creating Melissa, a macro virus that spreads using the Microsoft Outlook and Word programs. It reportedly infected over 100,000 computers worldwide and caused $80 million in damage (as assessed by the number of hours computer administrators took to clean up the virus). While Melissa was generally admitted to have been more of a nuisance than a real threat, Smith was treated as a hard criminal rather than a blundering geek.