April 5, 1999
The Meaning of the Melissa Virus
By Bob O'Donnell
Computer viruses are an unfortunate fact of life in today's corporate world. And, as
last week's outbreak of the Melissa virus proved, it's a problem that won't go away.
In fact, the Melissa virus -- which is essentially a very clever Word macro virus --
points out a number of alarming new trends that are hitting the virus world. Most
importantly, the speed and breadth with which Melissa hit is unprecedented. As Stephen
Trilling, Director of Research at Symantec's AntiVirus Research Center put it,
"Melissa is an Internet virus that spread in Internet time." Within about a
12-hour period after its first release, Melissa had affected hundreds of thousands, if not
millions of PCs -- which is part of the reason the virus got so much coverage from both
the high-tech and general press.
According to statistics from anti-virus software vendors Network Associates and
Symantec, nearly 80 percent of their corporate clients were infected by Melissa and as
many as 50 percent of those clients chose to or were forced to shut down their e-mail
systems for a period of time while they worked on eradicating the virus. Given the number
of companies and workers involved, that's a staggering amount of lost productivity.
Part of the reason that Melissa was so effective was that it used the Internet and
e-mail to do its damage. Certainly other viruses have been spread via e-mail, but because
of the way Melissa was created, none have had as far-reaching or as fast an impact.
The way Melissa works is it sends out an e-mail message with an infected Word file
attachment and as soon as anyone opens the attachment, another 50 copies of the message
are automatically sent out to 50 people in the recipient's Outlook (not Outlook Express)
address book.
Multiply that process thousands and thousands of times over and you can see how
devilishly clever the virus was in replicating itself. Plus, given the fact that any
Melissa-infected Word file -- not just the one that started the virus -- could be sent out
from an infected PC without the user knowing about it, the virus opened a huge potential
security hole. The problem is that private or secret documents being sent to a trusted
colleague could be inadvertently passed along to 50 people from his or her address book.
Even worse, Melissa managed to break down the trust level involved in receiving e-mail
attachments from people you know. It's been relatively common practice to delete any
messages with attachments from people you don't know, but until now, you've generally been
safe to trust attachments you receive from known parties. In the aftermath of Melissa and
all its copycat variants, however, even that practice is no longer completely safe because
a virus may send infected messages to people in your own address book. As a result, all
e-mail attachments must now be treated as suspect.
Anti-virus experts also fear that the Melissa virus moves us a step closer to the day
when simply opening an e-mail message (even without an attachment) will enable a virus to
inflict its damage. Given how quick people are to at least preview all the e-mail they get
-- regardless of the source -- that day is bound to bring with it a heavy toll.
In fact, the proliferation of Melissa and potentially more destructive viruses that it
may spawn points to the growing need for virus scanning to occur further up the chain than
the desktop. In many instances, by the time a virus reaches a desktop, it's too late. As a
result, IS managers, ISPs, and others involved with running mail servers ought to give
some serious thought to beefing up their anti-virus support at the gateway/firewall and
server levels.
Of course, all the prevention in the world won't prevent some viruses from getting
through and causing some damage. But let's hope that the Melissa virus can serve as a
wake-up call (or reminder call) to IS managers, to build a safe, secure environment for
their users.
©
Copyright 1999, by InfoWorld Publishing Corp., a
subsidiary of IDG Communications, Inc. Reprinted from InfoWorld,
155 Bovet Road, San Mateo, CA 94402. Further reproduction is prohibited.
