|
|
|
 |
Companies bracing for e-mail virus Overloaded servers may crash with start of week 03/29/99 By Doug Bedell / The Dallas Morning News
American corporations braced Sunday for anticipated mail server problems this week from an insidious new e-mail virus that has propagated itself through hundreds of thousands of computers since Friday.
Melissa, also known as W97M.Mailissa virus, swept out of Western Europe and a sex newsgroup, then proceeded to wreak havoc on e-mail servers coast-to-coast, according to experts on computer viruses.
The crisis could widen Monday morning as office workers return to their computer work stations, they warned. They suggest users delete unknown e-mail and attachments, disable macros and run virus scans.
Opening an e-mailed Microsoft Word attachment automatically spawns 50 more Melissa messages, which are then sent through Microsoft Outlook software.
"We're getting so many reports from across the world that we know this is going to be a huge problem come Monday," said Katherine Fithen, a manager at Computer Emergency Response Team, Carnegie Mellon's Department of Defense-funded computer security team.
By late Sunday, damage was already severe.
"Because there's so much e-mail passing through a server, it's basically taking down the servers," said Srivats Sampath, general manager at Network Associates Inc.'s McAfee VirusScan unit.
Network Associates said 20 large companies reported problems by Friday afternoon. Among them was one corporation that has 60,000 users.
Other Melissa problem reports included:
* Microsoft Corp., where incoming and outgoing company e-mail was temporarily halted Friday, then restarted.
* Intel Corp., where some e-mail servers crashed as a result of Melissa's load.
* Waggener Edstrom, Microsoft's public relations agency, where infected mail was detected in alarming numbers.
* Lucent Technologies, where some e-mail operations were compromised, according to Eric Allman, chief technology officer at Sendmail, which makes a popular e-mail routing program.
The virus is similar to an "autospam" 1997 virus called "Share Fun," which, like other viruses, can spread through the address books of e-mail programs. None of the previous viruses has been this effective, said a Network Associates spokesman.
"The propagation rate has been alarming," the spokesman said.
Melissa uses Microsoft Word macros - small programs capable of executing multiple tasks from within documents - to disseminate a list of about 80 pornographic Web sites. It works with either Word 97 or Word 2000, according to anti-virus companies.
The program is efficient. Because it uses the e-mail addresses contained on each computer it infects, later recipients are likely to think the message is coming from someone they know. Infected Melissa messages contain the subject line, "Important message from . . ." followed by the sender's name.
The body reads, "Here is that document you asked for . . . don't show anyone else ;-)." The e-mail includes an attached Word file, "list.doc," which includes the pornographic sites' addresses.
The virus doesn't appear to cause any damage to infected computers. However, it does inject a sentence from TV character Bart Simpson into documents being prepared when minutes of the current time match the date - for example at 3:26 p.m. on March 26. The line reads: "Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
Other viruses have used similar techniques, but not to send out mass messages, known as spam. And network administrators across the country are worried that this kind of virus could be replicated with more disruptive results.
Some, posting in newsgroups such as alt.comp.virus, are calling Melissa "worldwide spam."
Because the virus spreads itself automatically, it could be termed a "worm" - a virus that builds and builds on itself. The infection comes in the Normal.dot file inside Microsoft Word. Any future documents created using that format would pass on Melissa by design.
The author, as yet unknown, apparently realized his creation was a hybrid bound to cause problems. Inside the program's code, he left the message: "Worm? MacroVirus? Word 97 Virus? Word 2000 Virus? You Decide!"
Carnegie Mellon's computer security team first heard of the virus Friday afternoon, and its members worked through the night to analyze the virus and develop a fix, Ms. Fithen said.
Elsewhere, Symantec's Anti-Virus Research Center, Dr. Solomon's Virus Center, Microsoft, Sendmail and Network Associates also scrambled to update patches and virus-cleansing software.
Administrators such as Bob Mason, director of operations for information technologies at The Dallas Morning News, urged caution for anyone opening mail.
For him and other computer professionals, virus alerts are nothing new. More than 21,000 different kinds of viruses are already known, he pointed out.
Anti-virus programs should be regularly run on all computers and updated frequently, Mr. Mason said. "Sometimes I check and there are 20 new ones in one day," Mr. Mason said. "The sheer number of people who are out there now on the Internet means you are going to run into these problems occasionally."
Mr. Mason and other experts urge users not to open e-mail from unknown sources.
"That's the biggest thing," Mr. Mason said. "If you get random e-mail, just delete. And if you do open mail up, disable the macros."
The ability to disable macros such as Melissa is available through normal Microsoft Word user settings under Tools/Options/General.
Yet, F. Lee Pyles of Rowlett, a computer specialist and president of ComPyles Computers, said many users just click through any options to disable macros every time they open documents.
"Everybody bypasses all these security features," said Mr. Pyles. "People will turn off all these warning screens. They're going to have to back up and start re-thinking that kind of behavior because of these sorts of damaging bugs."
The Associated Press contributed to this report.
|
|
Back to Top