Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Google   

[an error occurred while processing this directive]

rev.1 (02/24/97)

ShareFun Macro virus

Contents

Introduction

ShareFun macro virus fail to became a widespread. But it contain a mechanist for self propogation, so this infotmation can be useful in case similar viruses will apper in future. This information is preliminary info that is provided to users on "need to know" basis.

ShareFun macro virus has new method of replication. This virus spread itself by sending messages with currently opened document to several addresses from some (may be Global) address list.  If you receive e-mail that contain Ms Word attachment in native Ms Word format and subject contain: "You have GOT to read this!", please do not open an attachment. Just delete the message.

This macro virus spreads by infecting Word documents in Microsoft Word versions 6.x and 7.x. The virus consists of these macro names:

AutoExec
autoOpen
FileClose
FileExit
FileOpen
FileSave
FileTemplates
ShareTheFun
ToolsMacro

in infected documents. The virus becomes active by using the Auto and System macros shown above.

Attention: virus intercept Tools/Macro and File/Templates. So both the Tools/Macro and File/Templates will activate the virus.

Indications of Infection

There is a 1 in 4 chance, that after opening infected attachment or document the virus will try to check if you are running Microsoft Mail. If so, the virus will find 3 random people in your mail list and send a copy of the infected document with the following subject: "You have GOT to read this!" .

Opening or closing the infected MS Word document or attachment will invokes the viral macros, e.g. activates the virus. When the virus macro are executed, virus will copy itself (e.g. all macro virus macro) to NORMAL.DOT.

Prevention

1. Mark NORMAL.DOT as read-only. This prevents NORMAL.DOT from infection.

4. Use Office 95A or Office 97 with enable macro virus warnings

Copyright 1998, Nikolai Bezroukov. Standard disclaimer applies. As long as this copyright notice is preserved, and any changes are clearly marked as such, the author gives his consent to republish and mirror this text.

Copyright © 1996-2008 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: February 28, 2008