by Beverly Rosenbaum
The first macro viruses to spread within Microsoft Access database files were found on the Internet at the end of March 1998.
Until then, macro viruses had only been found in Microsoft Word and Microsoft Excel applications. However, Microsoft Access uses a macro language similar to that of Word and Excel, and can therefore easily operate as a carrier for macro viruses.
At the moment, the risk of being infected by an Access macro virus is fairly small. Unlike Word and Excel documents, Access files are not frequently shared between companies or sent via e-mail.
Microsoft learned of the destructive macro virus, called “AccessIV”, and issued a statement in April. This virus can affect databases created in Access 2.0, Access 95, and Access 97. Two other variants of the virus also have been identified. To date, the virus has only appeared on private Web sites, and Microsoft Technical Support has not received any reports of this virus from customers. A macro virus uses an application’s own macro programming language to distribute itself, and, unlike other viruses, a macro virus infects documents or databases rather than applications. The AccessIV virus is not designed to destroy files, but it will attempt to corrupt information in an Access database.
Microsoft is studying ways to counter AccessIV, and will make that information available to users through their Web site at http://www.microsoft.com/access/virusinfo/default.asp.
In addition, Microsoft is reportedly creating a free tool that checks for and disables the virus. This tool will be also be available for download from their Web site. There are already tools developed by third party anti-virus vendors to detect and clean the virus.
According to the advisory distributed by Microsoft, if you’re using Access 2.0, Access 95, or Access 97, you can use the built-in security features to help prevent viruses from infecting your databases.
Although the security utility will not remove the AccessIV virus, you can use it to control who has rights to modify your database, thus preventing unknown sources from potentially infecting your files.
You can implement security by either establishing user/group accounts or creating password protection. More information can be found in the Access Help index under “security”.
Microsoft strongly recommends keeping anti-virus protection software up-to-date. Customers should also practice safe computing by not sharing their databases with unknown sources and by not downloading unfamiliar Access databases from the Internet. Upcoming versions of Access will include technology that helps prevent macros from running and infecting your databases.
Microsoft provides the following instructions for two options to prevent viruses from infecting your Access databases using Access security:
Database Password Security
To give your databases a password:
1.Open the database exclusively.
2.On the Tools menu, click Security, and then click Set Database Password.
3.Enter and verify your password.
Then all users must supply the password to open the database.
If a virus attempts to infect a password-protected database, you will see a password prompt. Click Cancel to prevent the database from opening, and the virus will not infect the database.
User-Level Security —
User-level security allows you to grant different sets of permissions to different groups of users.
To secure a database:
1.Create and join a secure workgroup file using the Workgroup Administrator.
2.Create a new user and add that user to the Administrator’s group.
3.Remove the Administrator user from the Administrator’s group.
4.Give the Administrator user a password to force a login prompt.
5.Restart Access and log in as the new user.
6.Run the User-Level Security Wizard (this will create a new database and copy all objects to the new database).
Your database is now secured. You can use the security dialog boxes to add additional users and groups and assign permissions. To be completely secure, the Users group must not have any permissions.
If you download a database from the Web or suspect a database might be infected, open that database using the default (unsecured) workgroup file. If your databases are secured, the infected database will not have sufficient permissions to infect your secured databases.
Excel Virus XF.Paix.A
The Excel macro virus XF.Paix.A has recently been detected in France, but poses a potential threat to users around the world. Unlike traditional Excel viruses, which use macros to infect, this new virus uses formulas inside the data region of the Excel spreadsheet to infect. It uses the old style Excel 4 macro language rather than Visual Basic for Applications. It installs itself as an Add-In to Excel in a file called xlsheet.xla. The worksheet remains hidden from users and executes each time an existing file is opened or when a user makes changes. Once the virus has executed, it inserts a new worksheet into the file. The virus triggers with a probability of about 1/50, and it will randomly hide all toolbars and create and show a new toolbar, hide all open workbooks and rename the title bar to “Enfin la Paix,” (French for ‘Peace at last’). This virus only affects PC-based platforms.
The Latest Hoax
E-Flu is not a virus. It is a hoax. The “virus” does not exist. There is currently no virus that has the characteristics ascribed to E-Flu, and the idea that it could be transmitted from computer to human is totally impossible. It is a sham, meant only to panic new or inexperienced computer users. You should ignore any messages regarding this supposed “virus” and not pass them to anyone else. Passing on messages about hoaxes will only circulate the misinformation.
The hoax message includes the following “warning:”
Hello NWST & ICRS Drivers,
I have some very startling news for all drivers in the NWST and ICRS/IDRS Leagues. Recently, a driver in both of the Leagues, Gary Kendall, and the Director of the NWST, Dave O’Brien, came down with cases of the E-Flu.
The E-Flu is a frightening new Computer to Human Virus that has no effect on computers but can potentially make users very ill. It is passed from computer to computer through the Internet, and then from computer to Human through either keyboard contact or diskette contact.
The good news, however, is that the Pullmer University of Medicine has posted a webpage with instructions for vaccinating yourself at home against this dangerous new illness. The vaccination page can be found at http://ww4.choice.net/ ~dhawk/pullmer/vaccine.html.
If you have read any E-mail messages from either Gary Kendall or Dave O’Brien within that past week, then you need to perform the vaccination regardless of whether or not you’re actually sick yet. Even if you’re not sick, you can still take measures to prevent the E-Flu.
Also on the vaccination page is a comprehensive list of those infected as well as a list of those potentially infected. So please, view the page at http://ww4.choice.net/~dhawk/pullmer/vaccine.html.
The specified page contains more outrageous advice posted by a Dr. R. U. Kidding, and describes a silly procedure and bogus symptoms.
Beverly Rosenbaum is a HAL-PC member who can be contacted at brosen@hal-pc.org. n
E-mail me at webmaster@hal-pc.org with any comments you have and tell me what you want to see here.