New macro viruses infect agencies

Federal computer users are being threatened by malicious new "macro" viruses involving Microsoft Corp.'s Word and Excel programs, prompting agency warnings about potential widespread damage.

First discovered last summer, these viruses have already hit Energy Department and other government facilities. DOE's Computer Incident Advisory Capability (CIAC) last month issued a warning on the Internet stating that macro viruses "are no longer an isolated threat, but they are a significant hazard to the information on a computer."

Macro viruses are "affecting government sites in mass infections," said Sean Nadeau, director of technical support for North America for anti-virus software vendor Thunderbyte Inc. "We're not getting calls [about] one document infected. It's...a hundred documents infected."

Nadeau said the impact of these virus attacks has been great. "It's very time- and money-consuming for the sites that are infected because the amount of sharing of electronic documents means that there's a faster possibility of the virus spreading."

Traditional viruses attach themselves to program files or boot records, but the macro viruses attach themselves to documents that contain small, executable programs written in platform-independent languages. Macro viruses are executed when an infected document is opened (see box, page 61).

Particularly vulnerable to these viruses are documents written in Word 6.0 and Excel, two popular packages in the federal market. Platforms affected include Microsoft's Windows 3.1, Windows for Workgroups 3.11, Windows 95, Windows NT and the Macintosh operating system.

"I would anticipate macro viruses becoming a major problem this year," said Ken Rowe, senior security engineer at the National Science Foundation's National Center for Supercomputing Applications. "It's going to take a while for everyone to become aware of them and to get the tools to deal with them in the right way."

To avoid getting infected, users must run a virus scanner over Word and Excel documents before opening them, just like they scan executable files before running them.

"People are used to scanning for viruses in programs. But people aren't used to having to scan documents every time they get them," said Bill Orvis, a computer security specialist with CIAC.

"Users need to learn "that you can get a virus from clicking an icon on the Web, opening a spreadsheet or displaying a graphics file," said Eugene Spafford, head of the computer operations audit and security technology lab at Purdue University.

In the case of Word and Excel viruses, Microsoft has already issued a protection template. Users can find it by connecting to http://www.microsoft.com and using the search command to find "macro virus." Anti-virus software vendors have responded with updated versions of their packages.

"We now offer the capability to scan for macros and to clean them," said Lee Taylor, vice president of sales and marketing for Norman Data Defense Systems Inc. "We saw a jump in sales among federal customers for our anti-virus software in February, and we believe that one of the drivers of that was the increasing occurrences of the macro viruses," said Mary Engstrom, general manager of the anti-virus group at Symantec Corp., which is posting free scanners for macro viruses starting today at http://www.symantec.com.