From the New York Times:
March 28, 1999
New Fast-Spreading Virus Takes Internet by Storm
By MATT RICHTEL
AN FRANCISCO -- A rapidly spreading computer virus
forced several large corporations to shut down their
e-mail servers on Friday night as it rode the Internet
on a global rampage, several leading network security
companies reported Saturday.
The security companies said early reports of the virus,
which is carried by e-mail, led them to believe that tens of
thousands of home and business computers had been infected
on Friday alone. The virus reproduces itself exponentially,
they said, trying to use each infected message to send 50
more infected messages.
Related Article
New Virus Infects Microsoft Word Files
(Dec. 21, 1998)
Eye to Eye With a Wily Virus
(March 12, 1998)
"This is the
fastest-spreading virus we've seen," said Srivats
Sampath, general manager for the McAfee Software
division of <#1>Network Associates, a Santa Clara
company that makes anti-virus software.
Network security experts said that the virus appeared to
do no harm to the machines it infected and that individuals
could easily disable it. But they said its purpose is to
interrupt networks by replicating itself so rapidly that it
overwhelms networks and e-mail servers, the electronic post
offices that direct message traffic.
E-mail infected with the virus, which its creators call
Melissa, has a topic line that begins, "Important
Message From." Next is the sender's name, which is
often the name of a friend, fellow worker or someone else
known to the recipient.
The message within the e-mail is short and innocuous:
"Here is that document you asked for ... don't show
anyone else ;-)" Attached to it is a 40,000-byte, or
40K, Microsoft Word document named list.doc.
When the recipient opens list.doc, the Melissa virus
automatically searches for an e-mail address book. It then
sends a copy of itself -- the message and attachment -- from
the recipient to the first 50 names it finds in the
recipient's address book, which accounts for the rapid
acceleration across the Internet.
The virus is known to spread rapidly with two popular
e-mail programs, Microsoft Outlook and a slimmed-down
version of the same program, Microsoft Outlook Express,
which is part of the Windows 98 operating system and is
often installed with Windows 95.
Network security administrators said they had seen no
evidence that Melissa was able to open and use the address
books in other e-mail programs, but they did not rule out
the possibility that it could and would do so.
Several anti-virus software makers posted software on
their Web sites that their customers can download to detect
the virus-encoded message and refuse it.
A fix for the general public was available on www.sendmail.com, the Web
site of Sendmail, the Emeryville company whose
post-office software is often used to direct mail on
the Internet.
Eric Allman, a co-founder of Sendmail, said he was
concerned that the problem would worsen on Monday morning
when employees find these messages in their e-mail in-boxes.
"This will get into a lot of mail boxes and lay
dormant," he said. "When employees come in at 8 a.m.
and read these messages, it will cause an explosive
growth of the virus."
Allman characterized the virus' virulence as "not the
worst I'd seen, but it's pretty bad." He added,
however, that it appeared to be the fastest-replicating
virus he had seen.
Individuals can avoid contracting or spreading the virus
simply by not opening the attachment that accompanies the
e-mail. Opening the message alone will not cause the virus
to copy the address list and send itself out.
Alternatively, users can disarm the virus by disabling
the type of program that contains it -- "macros,"
which are small applications used to automate tasks in
Microsoft Word documents. Disabling macros in Microsoft Word
will render the virus ineffective.
Officials from Microsoft said they were not certain of
the magnitude of the virus and emphasized that it could be
easily disarmed. Adam Sohn, a company spokesman, said,
"If folks are careful about what runs on their machine,
they'll always be fine."
The virus overwhelmed employees on Friday at GCI Group, a
public relations firm with offices throughout the United
States.
One contract employee, who exchanges mail with a number
of company employees, said she received more than 500
messages during the day.
"It hosed my entire day," said the employee, Leigh
Anne Varney. "You can't print the words I used. I've
never had this happen before."
This hardly is the first virus to attack and spread
automatically via e-mail, but it is the first to move from
being a controlled, essentially experimental form "into
the wild," said Dan Schrader, director of product
marketing for <#1>Trend Micro, an anti-virus software
maker in Cupertino.
The rapid spread of the program was reminiscent of a 1988
program, known as a worm, written by Robert Tappan Morris,
then a graduate student in computer science at Cornell
University. <#1>Morris' program spread through the
Internet with remarkable speed, ultimately disabling
more than 6,000 computers.
However, the Internet was tiny in 1988 compared with the
size of today's network. As a result the potential for the
spread of the program is truly vast.
"We haven't seen anything impact this many people on
the Internet in a long time," said Schrader. He said
that three of his company's customers had temporarily shut
down their e-mail servers to delete the infected mail.
Whoever wrote the virus also left the message "W97M --
Melissa." The note said the virus was created by
"Kwyjibo," which Trend Micro officials speculated is a
reference to the television show "The Simpsons." In an
episode of the Simpsons titled "Bart the Genius," Bart
Simpson wins a Scrabble game by using the "word"
Kwyjibo.
The theory dovetails with a second impact of the virus:
Once the virus has infected a computer, it will type a
message on the screen when the time of day corresponds to
the date (on March 26 it would be 3:26). The message reads:
"Twenty-two points, plus triple-word-score, plus 50
points for using all my letters. Game's over. I'm outta
here."
Related Sites
These sites are not part of The New York Times on the
Web, and The Times has no control over their content
or availability.
* CERT Coordination
Center, Carnegie Mellon University: Melissa Macro
Virus
* Network Associates:
Melissa Virus Alert
* McAfee Online : Melissa
Virus Profile
* Trend Micro: Melissa
Virus Alert
* <http://www.sendmail.com>Sendmail
* Microsoft Security
Bulletin: Patch for Word Macro Problem
* The Morris Internet
Worm: Background *
Matt Richtel at [log in to unmask]
welcomes your comments and suggestions.
<>Home | Site Index | <search/daily/>Site
Search | <comment/>Forums | <archives/>Archives |
Marketplace
<yr/mo/day/late/>Quick News | Page One Plus | International | National/N.Y.
| Business | Technology | Science | Sports | Weather | Editorial | Op-Ed |
Arts | Automobiles | Books | Diversions | Job Market | Real Estate | Travel
<subscribe/help/>Help/Feedback | Classifieds | Services | New York
Today
<subscribe/help/copyright.html>Copyright 1999 The
New York Times Company
James Hill Craddock
Robert M. Davenport Assistant Professor of Biology
Department of Biological and Environmental Sciences
University of Tennessee at Chattanooga
615 McCallie Avenue
Chattanooga TN 37403-2598
USA
Tel. (423) 755-4341 = office
(423) 785-2285 = fax
e-mail [log in to unmask]
http://www.utc.edu:80/~best/craddock.html
|
