''Melissa'' virus hits Internet, may cause havoc Monday@ (Recasts, adds quotes, detail throughout)
March 29, 1999
--------------------------------------------------------------------------------
SAN FRANCISCO, Reuters [WS]: A virus that spreads a list of pornography sites via e-mail hit computers over the weekend and threatened havoc Monday as workers return to offices and begin opening messages sent over the Internet.
The virus, called ''Melissa,'' comes in the form of a document that lists pornography sites on the World Wide Web.
Computer experts said the virus was aimed at widely used Microsoft (MSFT-O) Windows-based e-mail address book software, Outlook and Outlook Express, and it can send up to 50 additional versions of the e-mail to other users, threatening a widespread infection of computer systems.
That could create a flood of unwanted e-mails around the Internet as the programme perpetuates itself using pre-programmed ''macros,'' software embedded in the Windows operating system that sets off complex computer functions with one command.
''It could grow explosively and shut down e-mail systems as a side effect,'' Eric Allman, co-founder of the Emeryville, Calif.-based Sendmail, a widely used provider of e-mail services, said in an interview Sunday.
A number of leading software security firms and academic experts posted warnings about the e-mail threat, including Network Associates, the leading anti-virus software maker.
''Melissa is widely reported and spreading quickly via mass e-mail, a function of the viral infection,'' said Network Associates based in Santa Clara, Calif.
Carnegie Mellon University's Software Engineering Institute issued an advisory, which said, ''The number and variety of reports we have received indicate that this is a widespread attack affecting a variety of sites.''
The only damage the virus causes is that it replicates itself and creates a flood of e-mail, though it apparently does not hurt the computer itself, experts said.
The real danger is that the virus will overwhelm the server computers that handle computer messaging systems, which could lead to system shutdowns as each e-mail multiplies itself 50 times. Already, a wave of the e-mails has been sent out and awaits office workers Monday morning.
''It's not doing malicious things or removing files or anything like that,'' Allman said. ''I've heard claims that it has been doing more but I haven't seen any substantial verification of that. It's really more of a wake-up call, that shows us how you could take a malicious virulent virus and reproduce it all over the place very quickly.''
Computer experts warned users to be wary of documents sent from any senders asking them to open up a file for Microsoft Word. That file, in turn, asks for a prompt asking users whether they want to initiate a ''macro,'' and requires users to approve its use. Those checkoffs make it relatively easy to avoid the problem.
Microsoft itself has simply warned users to ''be careful about what runs on their machine,'' the New York Times reported. Carnegie Mellon said, ''our analysis indicates that human action (in the form of a user opening an infected Word document) is required for this virus to activate.''
The virus can be identified, Network Associates said, because it will read ''Important Message From Application.UserName.'' The body of the text reads ''Here is that document you asked for ... don't show anyone else'' and contains a list of pornographic Web sites.
Melissa creates the following entry in the registry: HKEYCURRENTUSER/Software/Microsoft/Office/''Melissa?''
Network Security said that to avoid the risk of contracting the Melissa virus, ''it is recommended that network administrators and users upgrade their anti-virus software to include detection and cleaning for W97M/Melissa.''
Network Security posted information about the virus on its the Web site of its Avert Labs division (http:/www.avertlabs.com), Sendmail also posted advice on the Melissa problem at http:/www.sendmail.com and Carnegie Mellon posted information on its site as well (http:/www.cert.org).
Computer experts said that if advisories were followed, the problem would probably not become a widespread worry.
''I suspect we'll see a day or two of extremely high e-mail loads and then it will just die out, so in some sense this virus is not that critical but it's one what demonstrates what could happen if a truly malicious virus were released,'' Sendmail's Allman said. ''The ability to spread something so broadly is scary.''
[Copyright 1999, Reuters]
|
