This is something of a watershed week - no new or updated security bulletins from Microsoft! Aside from that, we cover a couple of new e-mail viruses and a buffer overflow flaw in the venerable (and popular) Unix e-mail program, Pine. Finally, some news about Microsoft Office 2001 document format woes. Note that although Office 2001 is specifically for the Macintosh, the issue described below affects anyone who may obtain files from an Office 2001 user.
One major antivirus developer raised alerts yesterday about an e-mail worm that spreads itself as a Word document attached to e-mail, much as Melissa did. Known as W97M/Afeto, this worm sends itself to the people who have sent its victims e-mail.
There seem to be very few reports of this worm yet. Although you should always be wary of Word document format attachments in e-mail, this worm should not trouble you so long as users maintain normal macro virus precautions, such as enabling the macro warning option in Word 97 and 98, or setting macro security to high in Word 2000 and Word 2001.
Facing the Music
Another e-mail worm that has become increasingly common over the last couple of weeks is Win95/Music. There are several variants of this virus, which arrives as an e-mail attachment. When run, the virus first attempts to download an updated version of itself from a web site, then it sends copies of itself (or the update) to e-mail addresses it harvests via the Windows Address Book, Microsoft Internet Account Manager and other sources.
Usual precautions such as filtering or otherwise blocking executable e-mail attachments should prevent Music causing any trouble.
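A sketch of the attachment filtering mentioned above, covering both executable attachments and Word-format documents. This is an added example, not part of the original newsletter; the extension and MIME-type lists, the verdict names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed gateway policy lists (constructed for this example).
BLOCKED_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
MACRO_EXTS = {".doc", ".dot", ".xls", ".ppt"}
EXEC_TYPES = {"application/x-msdownload", "application/x-msdos-program"}

def effective_ext(filename):
    """Extension the recipient's system would act on: last one wins, case
    is ignored, and trailing dots or spaces are dropped before the lookup."""
    name = filename.strip().lower().rstrip(". ")
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def classify_attachments(raw_bytes):
    """Return [(filename, verdict)] for every named part of a raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    verdicts = []
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 encoded names too
        if part.is_multipart() or not name:
            continue
        ext = effective_ext(name)
        # Block on either signal, so a harmless-looking name cannot
        # hide a part that is declared as an executable type.
        if ext in BLOCKED_EXTS or part.get_content_type() in EXEC_TYPES:
            verdict = "block"
        elif ext in MACRO_EXTS:
            verdict = "hold-for-macro-scan"
        else:
            verdict = "pass"
        verdicts.append((name, verdict))
    return verdicts

def build_sample():
    """Constructed message with four attachments; no real malware content."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    for fname, subtype in [("notes.txt", "octet-stream"),
                           ("report.doc", "msword"),
                           ("Music.MP3.EXE", "octet-stream"),
                           ("readme.txt", "x-msdownload")]:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype=subtype, filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, verdict in classify_attachments(build_sample()):
        print(f"{verdict:20} {name}")
```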
Macintosh Office 2001 raises concerns
Microsoft Office 2001 for the Macintosh was released a couple of weeks ago. Due to subtle changes in internal format details, many virus scanners will fail to detect common macro viruses that can infect Office application document files. For example, as with Word 98 for the Macintosh and Word 2000 for Windows, Word 2001 runs many VBA macro viruses that worked on Word 97 (and/or on some of the other Word versions between that and Word 2001). Although these viruses may not work under Word 2001, if files infected with them are opened in that version and subsequently saved, the virus will remain viable if the file is taken back to a copy of one of those earlier Word versions.
Antivirus developers are working on resolving these issues so future updates of their products will reliably detect viruses stored in Office 2001 files in this way.
Update fixes remote buffer overflow in Pine
Updates are available for the Pine e-mail client, popular on Unix and Linux systems. A buffer overflow in code parsing the contents of a message header allows arbitrary code to run during new-mail checking of open mail folders. Although this vulnerability is not known to be actively exploited at the moment, it has been discussed in open mailing lists, so exploitation should be considered a possibility.
Various Linux vendors have shipped updated Pine packages, so check with your vendor(s) as appropriate. Pine users on other platforms should check with their vendors or check for Pine v4.30 updates (source and/or binaries) from the Pine Information Center at the URL below.