Number of macro viruses now over 1000

More virulent than boot sector viruses

Boot sector viruses used to be the most common virus type for years, spreading only via floppy disks. After local area networks and the internet became common, boot viruses were not so prevalent or threatening. Macro viruses cause most of the infections in the world today, and now they far outnumber boot viruses.

"In reality there are 300 basic macro virus types", comments senior virus analyst Peter Szor from Data Fellows. "but there are many variations within the same virus types. Some viruses are created by virus writers, some are created by natural mutation." All macro viruses have the potential to spread and cause computer-infections in the real world.

"Practically all of the known 1000 macro viruses were originally found in customer sites", says technical support manager Mikko Hypponen from Data Fellows. "However, most of them are not really widespread. Only about 100 of the known macro viruses can be considered to be in the wild". But a macro virus can become widespread very quickly - the CAP.A virus spread globally in less than two months and infected tens of thousands of machines.

F-PROT Professional solves the problem

The only way to stay up-to-date is to update often. The F-PROT Professional antivirus toolkit from Data Fellows is automatically updated several times each day.

"We are able to do this thanks to our state-of-the-art macro scanning engine inside F-PROT", explains Hypponen. "F-PROT identifies macro viruses exactly, so we are able to detect even small changes to macro viruses and are able to spot new threats". And thanks to exact identification, new definitions added by Data Fellows antivirus experts can be distributed to users immediately, since there is no risk of false alarms. "Other antivirus products rely on search strings, which can be found in clean macros as well. This slows down their upgrade pace, as they need to do extensive false alarm testing before each release. We typically update 3-4 times every day."

The macro scanning engine of F-PROT is unique in the market at this time. In addition to being able detect modified viruses with such precision, F-PROT is also able to disinfect any macro virus and is extremely fast. For example, most other antivirus products are not able to disinfect macro viruses from Word 97 documents. Today, F-PROT identifies and disinfects all 1000 known macro viruses - hundreds more than the closest competitor.

Updates from the web - several times a day

New definitions are distributed to the world via the Data Fellows web site. Anyone can download the latest MACRO.DEF file, and with it instantly detect and disinfect 1000 macro viruses. The F-PROT Gatekeeper active protection driver also uses MACRO.DEF and effectively prevents users from opening, copying or downloading infected documents.

Data Fellows also has a free F-MACRO program available on the web site for those users who do not have F-PROT Professional.

Data Fellows has just released a utility to download the latest MACRO.DEF file automatically and distribute it to all workstations within an organization, again automatically. This utility can, if desired, download the latest update several times per day to a customer site. The update can be deployed automatically within a site over a LAN to every workstation.

By using mathematical extrapolation we end up with an estimate of 10,000 macro viruses by the end of 1997. We hope exponential growth will not continue for long and officially expect the number of macro viruses to be much below 10,000 at that time.