Hunters contain Office macro virus

The heat of the race to detect and nullify new viruses appears second only to the contest among virus fighters to be first with the cure. Two antivirus software leaders, Symantec and Network Associates' McAfee division, have nabbed a new macro virus that threatens files created by Microsoft's Office applications. Both have posted new definitions that detect and eradicate the 097M.Tristate macro virus.

The heat of the race to detect and nullify new viruses appears second only to the contest among virus fighters to be first with the cure.

Two antivirus software leaders, Symantec and Network Associates' McAfee division, have nabbed a new macro virus that threatens files created by Microsoft Corp.'s Office applications. Both have posted new definitions that detect and eradicate the 097M.Tristate macro virus.

You can download the new definitions for any Symantec antivirus product from LiveUpdate, the company's antivirus service, which pushes virus updates to registered Symantec customers.

"It's a scheduled component that checks frequently for new virus threats," says Enrique Salem, Symantec's chief technology officer.

Unregistered Symantec customers can get the new definitions from the Symantec AntiVirus Research Center on the company's Web site -- http://www.symantec.com/.

You can also eradicate the 097M.Tristate virus using McAfee's VirusScan updated with the most recent definition file, available on the company's Web site. VirusScan also will prompt you to periodically update your virus definitions data.

"Trendy" Macro Viruses

Macro viruses similar to 097M.Tristate are popular among virus writers, according to Symantec officials. The 097M.Tristate macro virus cross-infects Microsoft Word documents, Excel spreadsheets, and PowerPoint presentations.

The 097M.Tristate virus creates a viral workbook called BOOK1 in the Excel startup directory. In PowerPoint, 097M.Tristate adds a viral module that's linked to the AutoShape object covering an entire slide. During its final leg, 097M.Tristate replaces the content of an infected Word document with viral code.

Once considered the exclusive domain of research labs, macro viruses have transitioned into general circulation. Despite its prolific reproduction, Symantec classifies 097M.Triplicate as rare, saying it has yet to spread beyond the United States. The 097M.Tristate macro virus, also known as Triplicate and Crown, is currently the eighth most common virus submitted to Symantec's lab. The company's Scan & Deliver system has received 132 submissions of the 097M.Tristate virus in the past two weeks.

McAfee classifies 097M.Tristate as high risk. The virus apparently removes virus-warning protection from both Excel and Word.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]