The following is an archived copy of a message sent to a Discussion List run by the Campaign Against Sanctions on Iraq.
Views expressed in this archived message are those of the author, not of the Campaign Against Sanctions on Iraq.
[Main archive index/search] [List information] [Campaign Against Sanctions on Iraq Homepage]
I just received this. I thought that it was pretty important to distribute!
So I'm sending it to all of you.
Vicki
----- Original Message -----
From: <zevei@ibm.net>
To: <zeveiwolf@aol.com>
Sent: Sunday, March 28, 1999 1:59 PM
Subject: New York Times Article on Virus "taking internet by storm" 3/28/99
> ________________________________________________________________________
>
> F r e e d o m * Linking Palestinians & Their Friends * help@alquds.net
> ________________________________________________________________________
>
> This article appeared in the Sunday New York Times of 3/28/99
>
>
>
>
> March 28, 1999
>
>
> New Fast-Spreading Virus Takes Internet
> by Storm
>
> By MATT RICHTEL
>
> AN FRANCISCO -- A rapidly spreading computer virus forced
>
> several large corporations to shut down their e-mail
> servers on
> Friday night as it rode the Internet on a global rampage,
> several leading
> network security companies reported Saturday.
>
> The security companies said early reports of the virus, which
> is carried by
> e-mail, led them to believe that tens of thousands of home and
> business
> computers had been infected on Friday alone. The virus
> reproduces itself
> exponentially, they said, trying to use each infected message
> to send 50
> more infected messages.
>
> "This is the fastest-spreading virus we've seen,"
> said Srivats Sampath, general manager for the
> McAfee Software division of Network
> Associates, a Santa Clara company that makes
> anti-virus software.
>
> Network security experts said that the virus
> appeared to do no harm to the machines it
> infected and that individuals could easily disable
> it. But they said its purpose is to interrupt networks by
> replicating itself so
> rapidly that it overwhelms networks and e-mail servers, the
> electronic
> post offices that direct message traffic.
>
> E-mail infected with the virus, which its creators call
> Melissa, has a topic
> line that begins, "Important Message From." Next is the
> sender's name,
> which is often the name of a friend, fellow worker or someone
> else
> known to the recipient.
>
> The message within the e-mail is short and innocuous: "Here is
> that
> document you asked for ... don't show anyone else ;-)"
> Attached to it is a
> 40,000-byte, or 40K, Microsoft Word document named list.doc.
>
> When the recipient opens list.doc, the Melissa virus
> automatically
> searches for an e-mail address book. It then sends a copy of
> itself -- the
> message and attachment -- from the recipient to the first 50
> names it finds
> in the recipient's address book, which accounts for the rapid
> acceleration
> across the Internet.
>
> The virus is known to spread rapidly with two popular e-mail
> programs,
> Microsoft Outlook and a slimmed-down version of the same
> program,
> Microsoft Outlook Express, which is part of the Windows 98
> operating
> system and is often installed with Windows 95.
>
> Network security administrators said they had seen no evidence
> that
> Melissa was able to open and use the address books in other
> e-mail
> programs, but they did not rule out the possibility that it
> could and would
> do so.
>
> Several anti-virus software makers posted software on their
> Web sites
> that their customers can download to detect the virus-encoded
> message
> and refuse it.
>
> A fix for the general public was available on
> www.sendmail.com, the
> Web site of Sendmail, the Emeryville company whose post-office
>
> software is often used to direct mail on the Internet.
>
> Eric Allman, a co-founder of Sendmail, said he was concerned
> that the
> problem would worsen on Monday morning when employees find
> these
> messages in their e-mail in-boxes. "This will get into a lot
> of mail boxes
> and lay dormant," he said. "When employees come in at 8 a.m.
> and read
> these messages, it will cause an explosive growth of the
> virus."
>
> Allman characterized the virus' virulence as "not the worst
> I'd seen, but
> it's pretty bad." He added, however, that it appeared to be
> the
> fastest-replicating virus he had seen.
>
> Individuals can avoid contracting or spreading the virus
> simply by not
> opening the attachment that accompanies the e-mail. Opening
> the
> message alone will not cause the virus to copy the address
> list and send
> itself out.
>
> Alternatively, users can disarm the virus by disabling the
> type of program
> that contains it -- "macros," which are small applications
> used to
> automate tasks in Microsoft Word documents. Disabling macros
> in
> Microsoft Word will render the virus ineffective.
>
> Officials from Microsoft said they were not certain of the
> magnitude of
> the virus and emphasized that it could be easily disarmed.
> Adam Sohn, a
> company spokesman, said, "If folks are careful about what runs
> on their
> machine, they'll always be fine."
>
> The virus overwhelmed employees on Friday at GCI Group, a
> public
> relations firm with offices throughout the United States.
>
> One contract employee, who exchanges mail with a number of
> company
> employees, said she received more than 500 messages during the
> day.
>
> "It hosed my entire day," said the employee, Leigh Anne
> Varney. "You
> can't print the words I used. I've never had this happen
> before."
>
> This hardly is the first virus to attack and spread
> automatically via e-mail,
> but it is the first to move from being a controlled,
> essentially experimental
> form "into the wild," said Dan Schrader, director of product
> marketing
> for Trend Micro, an anti-virus software maker in Cupertino.
>
> The rapid spread of the program was reminiscent of a 1988
> program,
> known as a worm, written by Robert Tappan Morris, then a
> graduate
> student in computer science at Cornell University. Morris'
> program
> spread through the Internet with remarkable speed, ultimately
> disabling
> more than 6,000 computers.
>
> However, the Internet was tiny in 1988 compared with the size
> of today's
> network. As a result the potential for the spread of the
> program is truly
> vast.
>
> "We haven't seen anything impact this many people on the
> Internet in a
> long time," said Schrader. He said that three of his company's
> customers
> had temporarily shut down their e-mail servers to delete the
> infected mail.
>
> Whoever wrote the virus also left the message "W97M --
> Melissa." The
> note said the virus was created by "Kwyjibo," which Trend
> Micro
> officials speculated is a reference to the television show
> "The Simpsons."
> In an episode of the Simpsons titled "Bart the Genius," Bart
> Simpson
> wins a Scrabble game by using the "word" Kwyjibo.
>
> The theory dovetails with a second impact of the virus: Once
> the virus
> has infected a computer, it will type a message on the screen
> when the
> time of day corresponds to the date (on March 26 it would be
> 3:26). The
> message reads: "Twenty-two points, plus triple-word-score,
> plus 50
> points for using all my letters. Game's over. I'm outta here."
>
>
>
> Related Sites
> These sites are not part of The New York Times on the Web, and
> The Times has
> no control over their content or availability.
>
> CERT Coordination Center, Carnegie Mellon University:
> Melissa
> Macro Virus
>
> Network Associates: Melissa Virus Alert
>
> McAfee Online : Melissa Virus Profile
>
> Trend Micro: Melissa Virus Alert
>
> Sendmail
>
> The Morris Internet Worm: Background
>
>
> Matt Richtel at mrichtel@nytimes.com welcomes your comments
> and suggestions.
>
>
>
>
>
>
>
> Home | Site I
>
>
--
-----------------------------------------------------------------------------
This is a discussion list run by Campaign Against Sanctions on Iraq.
To be removed/added, email soc-casi-discuss-request@lists.cam.ac.uk, NOT the
whole list. Archived at http://linux.clare.cam.ac.uk/~saw27/casi/discuss.html