Warning - Don't open any strange e-mails today. New Virus.
Story from WSJ and a 2nd from The Register
________________________________
March 29, 1999
You Got Mail, and You Don't Want It: Virus Infects Computers Around World
By DEAN TAKAHASHI
Staff Reporter of THE WALL STREET JOURNAL
Computer experts grappled over the weekend with an insidious virus program that rocketed around the world by e-mail and could cause more chaos Monday.
The virus affects personal computers that have Microsoft Corp.'s Word software and its mail programs, Outlook or Outlook Express. Once activated by unwary users, the virus causes each PC to send 50 copies of a message containing a list of pornographic Web sites, generating a flood of traffic that brought many corporate e-mail systems to a halt on Friday.
Melissa, as the virus was dubbed by computer-security experts, causes no direct damage to infected PCs and, once it has been activated, can be deleted by using a software utility that is now widely available.
Vulnerable Systems
But the incident demonstrates the continued vulnerability of networked computer systems to rogue software, and how quickly such programs can move along the global Internet.
"The proliferation of this virus is something we have never seen before," said Srivats Sampath, a general manager at Network Associates Inc., one of several antivirus concerns tracking the outbreak. The Santa Clara, Calif., company and others predicted that the virus might spread further if PC users aren't wary. "We think it will be even bigger on Monday," said Sal Viveros, another manager at the firm.
Melissa exploits a mailing-list feature in the Microsoft programs to generate messages that appear to recipients to come from a friend or associate. The subject line of the message begins with "Important message from" followed by the name of the person who unwittingly passed on the message. The body of the message reads, "here is the document you asked for ... don't show anyone else ;-)."
Delete Without Opening
The virus isn't activated unless users call up a Word file, named "list.doc," that is attached to the mail message. Users can avoid infection by deleting the message without opening the file.
At certain times, such as when the date as expressed in numbers matches the time, the virus will type a message in a Word document quoting Bart Simpson, "Twenty two points plus triple word score plus fifty points for using my letters. Game's over. I'm outta here."
Network Associates said it received calls Friday from 80 companies infected by the virus, and estimated that about 30% were forced to shut down their e-mail systems. Microsoft was among the companies affected, temporarily halting all outgoing mail while it addressed the problem.
Around the World in 16 Hours
Melissa seems to have started in Western Europe, first appearing via an anonymous posting at the alt.sex newsgroup on the Internet at 12:15 a.m. Greenwich Mean Time Friday, Network Associates said. Less than 16 hours later, the company and other antivirus groups began getting reports of infections from around the world.
Carnegie Mellon University's Computer Emergency Response Team posted an advisory (www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html) on how to combat the virus, the first time it has taken such a step regarding a virus in five years. Though less harmful than some viruses, CERT said Melissa may send Word documents from infected machines to the e-mail virus recipients, thereby "leaking sensitive information."
One company affected Friday afternoon was Intel Corp. The chip maker's public-relations department made urgent calls to some journalists warning them not to open the mail from the company's top communications executive. "It's hard for us to tell how widespread it was within Intel," said Thomas Waldrop, a spokesman for the company in Santa Clara, Calif. "It's apparently made its way around."
Adam Sohn, a Microsoft spokesman, said it shut down outbound mail so it wouldn't infect customers or partners. It has now installed software that filters incoming mail for the virus, and has restarted outbound mail service.
"It's pretty much under control" at the company, Mr. Sohn said. "We can't say what's going to happen on Monday."
CERT advised computer users to disable the "macro" function in Word that the virus exploits. Software patch programs that can remove it from infected machines are available at the Web sites of companies that include Trend Micro Inc. (www.antivirus.com), SendMail Inc. (www.sendmail.com) and Network Associates Inc. (www.avertlabs.com).
Companies also can update antivirus programs to stop infected mail before it gets to users.
__________________________________________________________________
Posted 29/03/99 11:34am by Linda Harrison
Melissa virus threatens to bring email to a halt
Email users today face being tricked into passing on a new kind of chain-letter virus which could crash their PC systems and clog up their servers.
The threat, going by the name Melissa, affects users through Microsoft Word 97, Word 2000 and Outlook programmes. Hundreds of thousands of PCs have already been affected, according to today's Financial Times.
The virus strikes by sending an email entitled "Important message from…" followed by the sender's name, deceiving users into believing they recognise the sender.
Messages usually read: "Here is the document you asked for. Don't show it to anyone else". A Word document is attached to the email, normally named List.doc.
Inquisitive recipients get a list of 80 pornographic Web sites plus the virus infection. From there, 50 names are picked from the recipient's address book and each is sent a new message carrying the virus. The whole process is then repeated.
The virus itself does little to actually damage unlucky recipients' PC systems, though it may disable anti-virus protection software. The real threat comes from the sheer volume of traffic it can create, enabling it to clog company email servers and the Internet.
Once Melissa is inside your PC it will infect your Word documents. It will only become activated if it is activated at a time when the minutes of the hour match the day of the month. For example, 10 minutes past the hour on the 10th day of the month.
It will then insert the following phrase into the open Word document: "Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here."
The bug was discovered on Friday and warnings were issued over the weekend.
The Dr Solomon's anti-virus patrol unit of software company McAfee found it first at the alt.sex newsgroup on Friday afternoon. The Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh put out an alert the next day, warning Melissa could put email systems out of service.
Companies acted rapidly to the advice. Intel turned off all external and internal email worldwide on Saturday morning to do checks and stop any risk of spreading. The chip giant's email service resumed as normal on Saturday evening.
Melissa is one of the fastest spreading viruses encountered so far, according to anti-virus company DataFellows. "We've never seen a virus spread so rapidly," comments Mikko Hypponen, DataFellows' manager of anti-virus research. "We've seen a handful of viruses that distribute themselves automatically over email, but not one of them has been as successful as Melissa in the real world."
Hypponen said he expected many companies to encounter the virus today, possibly causing chaos to their systems. ®
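
Both articles report the same three message indicators (the subject prefix, the body text and the attachment name), and the WSJ piece mentions filtering incoming mail. The sketch below is an added example, not part of either article and not any vendor's filter: it checks a raw message for those indicators at a mail gateway. The function names, the two-indicator threshold and the sample messages are assumptions constructed for illustration; names and subjects are easy to change, so a check like this supplements antivirus signatures rather than replacing them.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators as reported in the two articles (compared case-insensitively).
SUBJECT_PREFIX = "important message from"
BODY_PHRASE = "here is the document you asked for"
ATTACHMENT_NAME = "list.doc"

def melissa_indicators(raw_message: bytes) -> set:
    """Return which of the reported indicators a raw mail message shows."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = set()
    if str(msg.get("Subject", "")).strip().lower().startswith(SUBJECT_PREFIX):
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            if filename.strip().lower() == ATTACHMENT_NAME:
                hits.add("attachment")
        elif part.get_content_type() == "text/plain":
            try:
                text = part.get_content()
            except (LookupError, UnicodeError):
                continue  # undecodable body: skip rather than crash the filter
            # Collapse whitespace so line wrapping cannot split the phrase.
            if BODY_PHRASE in " ".join(text.lower().split()):
                hits.add("body")
    return hits

def should_quarantine(raw_message: bytes, threshold: int = 2) -> bool:
    """Hold mail matching at least `threshold` indicators (assumed policy)."""
    return len(melissa_indicators(raw_message)) >= threshold

def build_sample(subject, body, attachment=None) -> bytes:
    """Construct a test message; the attachment holds inert placeholder bytes."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="msword", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    flagged = build_sample("Important message from Jane Doe",
        "Here is the document you asked for ... don't show anyone else ;-)", "List.doc")
    print(sorted(melissa_indicators(flagged)), should_quarantine(flagged))
```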