Macro virus afflicts MS Mail

A macro virus known as "ShareFun" is plaguing users of Microsoft's MS Mail--though any email program could spread it.

CNET News staff
This virus is no hoax.

McAfee has found a new macro virus that will randomly send mail from people who use Microsoft MS Mail, a company email system.

Internet bulletin boards are filled with dire warnings about email that will infect your computer with viruses that will then destroy data and send nasty email out to everyone in your email program. Those are hoaxes. This one isn't.

Before you panic: "ShareFun," as it's called, is easily detectable and preventable. Like all viruses transmitted through email, it is sent through an email attachment. To get it, the user must execute it--usually by double-clicking on the attachment icon within the email.

Most virus-savvy people won't open attachments unless they know who sent them. And there lies the danger in this particular virus. By definition, it always comes from someone you know, so you're more likely to trust it when you get it.

"That's part of the problem in all this," Jimmy Kuo, director of antivirus research for McAfee, said today. "You receive it from a friend."

McAfee learned about the virus through a customer. A large multinational corporation suspected its email system was infected.

Kuo discovered they were right. Here's the way it works, he explained: You receive an email from a friend with a subject line reading "You have SEE to see this!"

When you open the email message, it is blank. You see there is an attachment, so you double-click on it. When your computer launches Microsoft Word to read the attachment, the virus is launched.

The virus then has a one-in-four chance of going back to the MS Mail program and automatically sending out new messages with attachments of itself to three people on your nickname list.

Whether or not it sends the email the first time, the virus is launched again each time you open Microsoft Word. Again, it has a 25 percent chance of sending itself out through your email, Kuo said.

The security risk inherent in the virus is that every time it sends out email, it will send out whatever document you happen to be working on at the time. In other words, you could be working on a sensitive document that would be automatically sent to three people in your email program.

The virus just reinforces the need to be careful about what programs you execute and how you execute them.

"With the increase in shared files and sending documents back and forth, people need to always be careful when opening documents," said Tom Williams, Microsoft product manager for Office.

MS Mail, he added, is being phased out and replaced with Microsoft Exchange, so it isn't as prevalent. However, he could not say how many offices use MS Mail.

Williams encouraged users to follow the rules of safe computing: be careful, and make use of built-in protections. Word 97 has a built-in function that will detect any macros--whether or not they are viruses. Those who don't have Word 97 can nevertheless download the function.

He also recommended a good virus protection program.

Although this virus happened to hit MS Mail, the fact is, it could have hit any email program. Macro viruses are incredibly simple to write.

"This is an industrywide problem," Williams said. "Because Microsoft products are the most prevalent, it's most often heard about through Microsoft products, but everyone needs to be concerned about spreading viruses and protecting themselves."