Bugs and Fixes: Security Scares With Microsoft Outlook

You'd like to think that as some of the latest products offer you more control, you don't end up giving control away to someone else. Well, in the case of Microsoft Outlook 98, 2000, or 2002 (the version that ships with Office XP), the latest security threat opens up just that possibility.

The issue involves a new feature called View Control that uses ActiveX. View Control displays information from Outlook in a browser window, and it ships with Outlook 2002 in Office XP. But the feature also works with Outlook 98 and 2000--a fact, it turns out, that a malicious hacker can exploit, whether you have loaded View Control or not.

Bug expert Georgi Guninski discovered that a miscreant can construct a Web page or an HTML e-mail that embeds View Control. If you then click the control, the hacker can take over your system and delete files. Even if your PC does not have the View Control feature, once you click the control on a Web page, the program tries to download itself to your PC. However, you do receive a prompt alerting you to the download first.

Microsoft has acknowledged the flaw and says it is working on a patch to plug the hole. Until the fix appears, you can work around the vulnerability by stopping ActiveX controls from running. Check out the Microsoft posting to learn how to disable the controls.

Sircam Not Over Yet

Do you remember the SirCam worm attack? This nasty piece of code replicated via e-mail. Once activated, SirCam randomly selected a document from a victim's computer, attached the document to an e-mail message, and mass-mailed itself to everyone in the victim's address book.

You may not think that your system was infected at an earlier time because the worm didn't cause immediate damage, but you could be in for a nasty surprise on October 16.

If you've set your system to use the European date format (day/month/year), and your PC gets contaminated, you run a 1-in-20 chance that SirCam will delete all the files on your hard drive on that date.

Here's how to tell whether an e-mail message is infected: The body of the text message begins with the innocuous "Hi! How are you?" or with its Spanish equivalent, "Hola como estas?" But the dead giveaway is the attached file that shows a double extension on the end of its name. As the e-mail is sent off, the worm appends an extra extension (.bat, .com, .lnk, or .pif) to the name of the file it selected. So a tainted file would become named "filename.doc.com," for instance. One way to tell if your computer is already infected: You'll find a file named SCam32.exe in the Windows\System directory.

Protect your PC by getting the latest virus definition file from your antivirus company. McAfee and Symantec say that their programs--armed with any virus definition file dated July 17 or later--will detect the SirCam worm in an incoming e-mail message and alert you. Read McAfee's instructions on how to remove the worm, or read step-by-step advice from Symantec.