Symantec Warns of Word Macro Virus
Security software vendor Symantec is warning of a virus dubbed Killboot that infects Microsoft Word documents and renders an infected computer unable to boot up.
The macro virus W.97M.Killboot infects a currently active Word document. Once that document is closed, the virus infects the Normal.dot template, enabling the virus to infect all other Word documents on the system once they are closed.
The virus creates a file called C:\Setver.exe. When it runs, that program writes the viral code to the Master Boot Record (MBR), and then effectively erases the MBR by overwriting it with zeroes. The MBR points to the area of the computer's hard disk that contains the operating system. Without the MBR, the computer wont be able to find the OS and thus will not be able to boot up.
Symantec's antivirus software detects C:\Setver.exe as Trojan.Killboot. The company says the virus affects Microsoft Windows 95, 98, ME, NT, 2000 and XP, but not Windows 3.x. Macintosh, Unix and Linux systems are likewise not affected.
Symantec indicates the virus has not yet been largely distributed in the wild. Updates that enable Symantec products to detect the virus are available on its Web site.