This was on the Info-Sec mailing list and appears to be a request for help in cracking some sort of execute-only wrappers on MicroSoft Word-for-Windows macros, the concern being that the macros need to be defused if they're malignant. If anybody wants to, they may respond right to: njb@csehost.knoware.nl <Niels J. Bjergstrom>. . . . .
All the macros are made ExecuteOnly, meaning that they are compiled or encrypted so that the Word macro interpretor can execute them, but they cannot be listed or edited. Does anyone reading this list happen to know where we can find a cracker or disassembler for ExecuteOnly Word macros? It is of vital importance that we are able to read malignant Word macros, and any help will be appreciated.
. . . .
macro vira to us at the email address below. And I repeat: We are very interested in obtaining a cracker for the Word macro language encryptor/compiler. We haven't looked at this yet. For all we know it could be very simple, but any info is appreciated.
Niels
-- Niels J Bjergstrom, Ph.D., m/ISACA Tel. +31 70 362 2269 -- -- Computer Security Engineers, Ltd. Fax. +31 70 365 2286 -- -- Postbus 85 502, NL-2508 CE Den Haag London: +44 181 519 8011 -- -- Netherlands Email: njb@csehost.knoware.nl -- -- PGP Public key available on request - please use when mailing vira --