Related Resources • Hoax Encyclopedia resource • Virus Encyclopedia • Glossary of terms

Elsewhere on the Web • Melissa.RTF • Word Security Patch • Kaspersky Report

RTF files are often touted by antivirus vendors as a safe means of sharing documents created in Microsoft® Word. But are they really that safe? Kaspersky Labs thinks not, and history has proven them right.

One of the early variants of the Melissa virus used a simple ruse in an attempt to bypass antivirus scanners. The normal .DOC extension was renamed to .RTF. In reality still a .DOC file capable of harboring malicious code, the trick was effective because some scanners at the time did not include .RTF files as part of their scanning routine and did not look beyond the extension to determine the true nature of the file.

Despite this, many antivirus vendors have continued to urge users to employ the use of .RTF files, insinuating that .RTF files are a safe and viable means of sharing Microsoft® Office documents. While certainly a true .RTF (Rich Text Format) file is safer than a Word .DOC file, renaming extensions is not the only vulnerability that blurs the distinction.

On May 21, 2001, Microsoft admitted to a flaw in the security of Microsoft Office which allowed .RTF files embedded with a link to an infected Word template to automatically launch the document and any macros contained. In effect, the macro would completely bypass any macro security settings. The launched macro would then run with the same rights assigned to the user and could, for example, change Microsoft security settings to disable macro protection altogether. A patch for the vulnerability was released to protect affected Word 2000, Word 97, Word 98 (J), and Word 98/Word 2001 for the Mac users.

On June 18, 2000, Kaspersky Labs began warning users of a new password stealing Trojan - using the vulnerability in .RTF files as a means to spread. According to Kaspersky, the Trojan Goga steals and records password information from affected users, allowing further surreptitious access.

In short, RTF files may not be the safety haven often touted by a handful of antivirus vendors. Instead, RTF files should be treated with the same caution as DOC files.