Volume 4, Number 5
In case you missed it, the biggest catastrophe to strike the Internet just struck. On March 26, sometime around 4 PM, a list of pornography sites appeared on alt.sex. The list just happened to be in a Microsoft Word 97 document, and that document just happened to contain the Melissa virus.
The Melissa virus is a Word macro virus, meaning it operates by running a macro script embedded in the Word document. All a user has to do is open the document. If the user also happens to have another Microsoft product, Outlook 97 or 98, installed, Melissa would then send the list of porno sites (and the virus) to the top 50 people in the user's address book. All this would be done without the user's knowledge. Each of these recipients would get an email from someone they know, with the subject - "Important message from ", and then the name of the user. They would open the document, become infected, and then pass it on to 50 other people.
Like I said, the virus first appeared in the wild at 4 PM. By midnight, email servers all over the globe were shutting down. The virus was mailing out so many copies of itself, so quickly, that servers were running out of processing power and hard drive space. The utility that we use most on the Internet, email, was effectively taken away from us within 8 hours. Even those users who don't use the vulnerable Microsoft products were probably affected, since they rely upon an email server from their Internet Service Provider, which was probably getting buried.
It took a lot longer than 8 hours to get back on track. Defeating Melissa required that several layers of defense be built around a business's network. First, some sort of filtering had to be provided on the email server. Second, since the damage was already done, and the virus was so widespread, every single user's computer had to have its antivirus software either installed or updated. Last, every user on the network had to be told that if they received an email with the subject - "Important message from", they should delete the email and not open the document.
On a network of several thousand users, this can become a nightmare. Further, on a distributed network, with users all over the country, this becomes a true challenge of a company's contingency procedures. On the email server, if a company was using the common sendmail package running on Unix, a configuration was quickly published that would scan the subject of every incoming message looking for the "Important message from" line. If the line was found, the server refused to accept the message. Other email servers usually had to buy an add-on package that would filter for the key words. This filtering helped keep any more messages from coming in, but the workload on the servers was increased at the same time that the virus was sending a higher than normal traffic load. Lockups became common.
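The subject check described above, sketched in Python as an added example; it is not the sendmail configuration that was published at the time, and not code from this newsletter. The function names, reply strings and sample messages are constructed for illustration. It normalizes the Subject header first, because a plain substring search over the raw message misses a subject that was folded across lines or encoded by the mail client (as happens when the sender's name contains non-ASCII characters).

```python
from email import message_from_bytes, policy

BLOCKED = "important message from"  # phrase the filter looked for, per the text


def normalized_subject(raw: bytes) -> str:
    """Subject with folding removed, RFC 2047 words decoded, lowercased."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")          # missing header -> ""
    return " ".join(subject.split()).lower()     # collapse runs of whitespace


def naive_match(raw: bytes) -> bool:
    """Substring search over the raw bytes, kept only for contrast."""
    return (b"subject: " + BLOCKED.encode()) in raw.lower()


def smtp_verdict(raw: bytes) -> str:
    """Reply the server would give; the reply text is illustrative."""
    if BLOCKED in normalized_subject(raw):
        return "550 message refused by subject filter"
    return "250 message accepted"


# Constructed sample messages (names and addresses are made up).
SAMPLES = {
    "plain": b"From: a@example.com\r\n"
             b"Subject: Important Message From Alice Example\r\n\r\nbody\r\n",
    "folded": b"From: b@example.com\r\n"
              b"Subject: Important message\r\n from Bob Example\r\n\r\nbody\r\n",
    "encoded": b"From: j@example.com\r\n"
               b"Subject: =?iso-8859-1?Q?Important_Message_From_Jos=E9_Example?="
               b"\r\n\r\nbody\r\n",
    "benign": b"From: c@example.com\r\nSubject: Lunch on Friday\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:8} naive={naive_match(raw)!s:5} -> {smtp_verdict(raw)}")
```

Matching anywhere in the subject also refuses replies and forwards that quote the phrase, which is the trade-off a blunt keyword filter makes.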
On the client computer, the antivirus software had to be upgraded. This was partly due to the antivirus companies also being taken off guard by the speed of Melissa. Upgrading each and every computer in an organization takes lots of people, which takes lots of money. Melissa was expensive.
And expense is the important thing in Internet crime. If I cause a hundred web browsers to open on your computer until it crashes, that was annoying, not necessarily expensive. Getting a forensic computer crime unit to follow up on what happened would be impossible. The FBI is busy. If you haven't lost millions, then you fall in queue behind those companies that have. Melissa cost the government and business billions. That's why the FBI, with the help of a couple of well-versed security folk, found and arrested Melissa's author.
David L. Smith was charged with interrupting public communication, conspiracy to commit the offense, and the attempt to commit the offense. That doesn't even include federal charges the FBI may decide to bring forward. The maximum he faces so far is 40 years and half a million dollars in fines. For a virus.
Interesting side note: The Melissa virus was traced to him using a signature that is automatically inserted into every Word document by default. This signature uniquely identifies the host computer that the document was written on. It sure helped find our virus writer, but why is it in there? Are you being watched?
In other news: I went to Florida for Spring Break. Great time. Wonderful place to live. Got my tongue pierced. Came back and bought a new computer. Now I'm a freaky geek. Or a geeky freak. Not sure which.
Enjoy all. Here's a blessed five links.
5 Links to Make You Think
Copyrights 1996, 1997, 1998, 1999 by the Author, and SCROOMcomm, Ltd.