Interesting People mailing list archives
IP: More on "Epidemic virus infects corporate e-mail"
From: Dave Farber <farber () cis upenn edu>
Date: Sat, 27 Mar 1999 15:28:02 -0500
I am sending out the full text of this due to its criticality for many. djf
From: jspira () basex com To: farber () cis upenn edu Date: Sat, 27 Mar 1999 15:26:35 -0500 Subject: More on "Epidemic virus infects corporate e-mail" Dave, The implications of this, esp. the concept of MS' and Intel's networks being brought to their knees, are very troublesome, to say the very least. Below is very good coverage of this by PC Week. /s/ Jonathan Jonathan B Spira E-mail jspira () basex com The Basex Group, Inc URL http://www.basex.com 15 E 26th Street Tel +1 (212) 725-2600 x113 New York, NY 10010 USA Facsimile +1 (212) 532-5406 To: InfoBasex By (Document link not converted)Mary Jo Foley, (Document link not converted)>converted)Sm@rt Reseller, and (Document link not converted)Lisa M. Bowman A number of Microsoft Corp. Outlook/Exchange customers -- including Microsoft itself, as well as Intel Corp. -- are being hit hard by a macro virus that is replicating infected pornography-related information throughout corporate email systems. The virus, which was identified by Network Associates Inc. (Nasdaq: (Document link not converted)NETA) as 'Melissa,' originated in Western Europe and was first discovered on the alt.sex newsgroup. Computer security experts said the virus wreaked havoc with corporate e-mail as it sped across the Internet on Friday. "The proliferation of this virus is something we've never seen before," said Srivats Sampath, a general manager at Network Associates. He said that 60,000 people at one company had been affected. He refused to identify the company. "Because there's so much e-mail passing through a server, it's basically taking down the servers," Sampath said. He added that twenty large companies were affected by late afternoon -- including as many as 60,000 in one company. Microsoft e-mail suspended At Microsoft (Nasdaq:(Document link not converted)MSFT), the company suspended all incoming and outgoing Internet mail Friday. "We're a victim, like any other company on the outside," of this virus, said a Microsoft spokesman. The spokesman said Microsoft's product support division has been in contact all day via e-mail and phone with Microsoft's customers and partners, alerting them about the virus. "We made an IT (information technology) decision in the early afternoon and agreed it was pro-customer and pro-partner to shut down our Internet mail portion. As soon as we feel tight on this, probably in the next few hours, we will turn this back on and process all the mail in the queue." At least one division of Intel Corp. (Nasdaq:(Document link not converted) INTC) also reported problems resulting from the macro virus. A public relations spokesperson acknowledged that some of the company's e-mail servers had gone down as a result. A representative at Waggener Edstrom, Microsoft's public relations agency, which also was hit by the virus, according to several sources, acknowledged problems caused by a 'malicious macro virus.' Melissa's sophisticated bite The Melissa virus propagates via e-mail. Attached to the e-mail is a Word file that, if opened, launches a macro that replicates a message to the first 50 names in the recipient's Outlook address book. The subject line reads: "important message from," followed by a user name. The body consists of a text message that says, "Here is that document you asked for... don't show anyone else;-)." The infected documents reportedly contain porn Web site information. The virus specifically affects Outlook and does not trigger the multiple e-mails on other messaging platforms, such as Lotus Notes. However, people using e-mail software other than Outlook may be able to spread affected files by sending them to Outlook users, experts said. McAfee added the virus to its virus database Friday. More information on the virus is can be found on (Document link not converted)McAfee's site. "It sounds pretty sophisticated," said Peter Deegan of (Document link not converted)Woody's Office Watch, who'd been notified of the virus but hadn't seen it. He said the virus sounded unusual because of its effect on mail servers. Usually, such viruses attack individual machines, but this one apparently can overload mail services by sending out repeated messages. People cannot get the virus by merely opening up a message, only by opening the attached document. "Always be careful of anything that arrives by e-mail," he said. The virus also appears to turn off Office's macro protection, which could leave users more vulnerable to future viruses. After cleansing their machines of the virus, those affected might need to reactivate the macro protection. In another twist, the virus causes a specific phrase to pop up when the time of day, matches the date (for example, at 3:26 on March 26). The phrase reads: "Twenty-two points plus triple word score, plus 50 points for using all my letters. Game's over. I'm out of here." Right now, that feature is benign, but security experts say it could be used to delete files if a malicious hacker creates another version of the virus. Word 97, Word 2000 vulnerability Antivirus software vendor TrendMicro noted on its (Document link not converted)Web site that the so-called W97M_Melissa virus can attack via both Word 97 and Word 2000 documents. If the virus attacks via Word 2000, says TrendMicro, "it will lower the security setting to the lowest level by modifying the registry and will disable the Word menu commands (MacroSecurity) which allows the user to reinstate security settings." "A minimum of 20 major companies been infected. This is spreading faster than any virus we've seen before, because we've only seen a few email-activated viruses in the wild before this," noted Dan Schrader, director of product marketing. Schrader says the best way for companies to stamp out Melissa is to run virus protection software at the server, not the desktop, level. TrendMicro says it already updated all of its products to detect this virus as of today. The company also is offering a (Document link not converted) free service on its Web site, allowing administrators and customers to scan their machines for any virus, including Melissa. Additional reporting by ZDNN's Charles Cooper and >Additional reporting by ZDNN's Charles Cooper and Sm@rt Reseller's Deborah Gage.
Current thread:
- IP: More on "Epidemic virus infects corporate e-mail" Dave Farber (Mar 27)