Activity 3-2:
Identifying Macro Viruses
Launch Google search site.
#1 - Search for "macro virus"
What are the various definitions?
A=W97M.Melissa Word Macro Virus
XM.Delta
WM.Helper
WM.Helper is a virus first reported in the United States when
several users notices that their files were mysteriously
password-protected.
WM.Helper resides in one macro:
o AutoClose
The NORMAL.DOT global template file is initially infected when
the user closes an infected document. This copies the AutoClose
macro from the infected document to the global template. After
that, all documents that are not already infected become
infected when they are closed.
On the 10th of each month, WM.Helper sets the file-saving
options to always save files with the password "help".
Recommendations:
1-Turn off and remove unneeded services.
2-Always keep your patch levels up-to-date,
3-
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps
to prevent or limit damage when a computer is compromised.
4-Configure your email server to block or remove email that
contains file attachments that are commonly used to spread
viruses, such as .vbs, .bat, .exe, .pif and .scr files.
5-Isolate infected computers quickly to prevent further
compromising your organization. Perform a forensic analysis and
restore the computers using trusted media.
6-Train employees not to open attachments unless they are
expecting them. Also, do not execute software that is downloaded
from the Internet unless it has been scanned for viruses. Simply
visiting a compromised Web site can cause infection if certain
browser vulnerabilities are not patched.How many tutorials did you find?
- Could you easily create a macro virus?
A= yes there were many different sites showing how to
create a micro virus