You've got Melissa

On March 26, thousands of computers across the world were infected with the 'Melissa' virus through the Internet. Many large corporations had to shut down their e-mail servers for the day. Just how vulnerable is the electronic age?

Published: Saturday 15 May 1999

this was the message received by hundreds of thousands of e-mail users across the world on Friday, March 26. It had come with the subject "Important message from..." followed by the name of a familiar person, and contained a Microsoft Word document named "list.doc". As soon as the document was opened, the message automatically sent itself to the first 50 e-mail addresses on the computers of the users. The same story was repeated with the 50 people who received this message, and the cycle went on spreading rapidly.

This is the computer virus Melissa in action. Computer viruses are one of the unforeseen by-products of the information age. Tiny computer programmes written by pranksters, they can spread automatically from one machine to another, sometimes doing serious damage such as destroying data.

While Melissa was a nuisance for many, it does not appear to have done any serious damage to personal computers and computer systems across the world. Yet computer experts warned that Melissa was but a taste of things to come as the World Wide Web conveys mischievous bits of computer software to millions of people in a matter of hours. "They (the makers of computer viruses) are really taking advantage of the ability of the Internet to deliver stuff quickly," said Roger Thompson, research director at icsa Inc, a computer-security company in Reston, usa .

It is a clever virus because it exploits both computers and the people who use them, said Mark Rasch, a computer security expert with Global Integrity, a security consulting company in Reston. "This file (that contains the virus) is coming from someone you know and supposedly trust," he added.

"This is the fastest spreading computer virus we have seen," said Srivats Sampath, general manager for the McAfee Software division of Network Associates of Santa Clara, California, a company that makes antivirus software. "We have not seen anything impact this many people on the Internet in a long time," said Dan Schrader, director of product marketing for Trend Micro, an antivirus software maker in Cupertino, California. Network experts have pointed out that the aim of the virus was not to do harm to the machines it infected but to interrupt networks by replicating itself so rapidly that it overwhelms networks and the servers that direct e-mail. The Melissa virus spreads through Microsoft Corp's Outlook e-mail system and affects users of Microsoft Word.

The Computer Emergency Response Team ( cert ), a computer security group at Carnegie-Mellon University, managed to contain much of the damage by putting out alerts over the weekend. cert informed that it had received reports of the virus hitting about 100,000 computers at 250 organisations. The team assumed that the total was much larger. An advertising company reported to cert that its 500-employee computer network was buffeted by 32,000 e-mail messages in a 45-minute period, effectively shutting down legitimate uses of e-mail.

The severity of the attack of Melissa underscores a problem caused by Microsoft Corp's market dominance, according to Eugene Spafford, computer security expert at Purdue University. "We have created this incredibly homogenous environment" in which many, many computers run the same programmes, creating a large population with no immunity like "the Spaniards bringing smallpox to the Incas", Spafford said.

On the other hand, there are those who say that the media hype about computer viruses is not justified. "Not often told is the reality that the networked world is astonishingly complex and that the complexity is both a nettlesome bane and an accidental boon. In such a world, while the illusion can be created that Melissa strikes everyone, the reality is that the complexity and variety of technology ensures that for every person set upon by something like Melissa, many more will actually never see it and more still will not be vulnerable," wrote George Smith, editor of the Crypt Newsletter, an Internet publication on computer security and computer crime, in the Wall Street Journal .

Individuals can avoid contracting or spreading the virus simply by not opening the attachment that accompanies the e-mail. Opening the message alone will not cause the virus to copy the address list and send itself out. Alternatively, users can disarm the virus by disabling the type of 'macro' that envelops it (macros are small applications used to automate tasks in Microsoft Word documents).

Further information about countering the virus is available on the World Wide Web at CA-99-04-Melissa-Macro-Virus.html and also at datafiles/valerts/vinfo/melissa.asp . n

Subscribe to Daily Newsletter :

Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.