-Caveat Lector-
Tuesday March 30 1:49 AM ET
'Melissa' Virus Plays Havoc With E-Mail
By Dick Satran
SAN FRANCISCO (Reuters) - A computer virus described as the most widespread
ever hit the Internet Monday, forcing some companies to shut electronic mail
systems and prompting an investigation by the FBI cybercrime unit.
Computer security firms had issued warnings through a wide variety of media
over the weekend that the virus called ''Melissa'' would be sprung on millions
of users.
``This has caused the havoc we expected,'' said Sal Viveros, a vice president
of marketing at the No. 1 computer security firm, Network Associates Inc., in
a Monday conference call. ''It's seriously hit virtually everyone.''
The virus, named Melissa, greeted huge numbers of workers as they signed on to
their e-mail systems at the start of the work week, spreading ``more quickly
than any other virus in the history of viruses,'' Viveros said.
The Federal Bureau of Investigations's National Infrastructure Protection
Center said it was notified of the virus Friday and has received reports of
``significant network degradation and e-mail outages'' at major corporations
and Internet service providers.
The virus uses a high-powered automation technology built into most personal
computers, and a simple, personal touch, to propagate itself.
Often disguised as a message from a friend or colleague, Melissa is a simple
e-mail sent to unsuspecting users, saying ''Important message from....'' But
when users open the message, it can cause a flood of new e-mails to be sent
over the Internet from the reader's own online address book.
Clicking on the e-mail triggers a powerful ``macro'' -- automation software
built into millions of computers using Microsoft's Windows operating system --
that can automatically trigger up to 50 new e-mails.
In many cases, computer users are warned of the presence of the automated
messaging, but the virus de-activates the warning system for some computers,
making it harder to detect.
The virus appeared not to have caused any significant damage to computers,
although it flooded some e-mail services and exposed a weakness that future
hackers could exploit more maliciously.
Indeed, Network Associates said a more damaging virus, code-named ``Papa'',
had already cropped up Monday. It was a more elaborate program using a similar
e-mail delivery of a macro that could disrupt Excel spreadsheets.
The biggest impact, though, appeared to come from a temporary shutdown of
computer systems by cautious computer managers trying to keep their systems
from being overwhelmed. Computer experts said it was also possible that other
confidential documents could be sent inadvertently, though Network Associates
knew of no such cases.
``A number of our large customers have had to take their servers down and for
a lot of companies e-mail is the main method of communications,'' said Network
Associates's Viveros. ''Having that down has caused lots of havoc.''
At Pittsburgh's Carnegie Mellon University, the Computer Emergency Response
Team received scores of inquiries.
``We are getting a steady stream of phone calls this morning from
organizations who have been affected by the virus,'' Jeff Carpenter at CERT
said Monday.
CERT estimated the bug affected more than 100,000 machines. Carpenter said
more than 150 companies had complained about Melissa.
The virus comes in the form of a document that lists pornography sites on the
Internet's World Wide Web of computer networks.
One office worker in Austin, Texas, Jennifer Mehlow, said she got a message
that appeared to be from a colleague in the company. But when she saw the list
of porn sites, she reported it to her computer system manager. By then, the
macro had been triggered, sending scores of messages over the Internet.
``I came in this morning and I had 213 nasty e-mails attacking me,'' said
Mehlow, a press relations specialist at Fleishman-Hillard in Austin.
Lucent Technologies Inc. (NYSE:LU - news) the world's largest
telecommunications equipment maker, Friday received a copy of the tainted
note. It shut its e-mail system for the weekend in an effort to inoculate
itself, a Lucent spokesman said.
Intel Corp. (Nasdaq:INTC - news) and Microsoft Corp. (Nasdaq:MSFT - news) were
other leading companies that reported being hit by Melissa, although Microsoft
Chairman Bill Gates said the response generally showed the industry's anti-
virus system works well.
``We and some of our partners who focus on the whole antivirus area had to
respond pretty quickly last week,'' said Gates in a conference call. ``As far
as I know, that information is getting out to people and this particular virus
has been addressed.''
Several anti-virus software makers, including Network Associates Inc. and
Symantec Corp. (Nasdaq:SYMC - news), Sendmail Inc. and Trend Micro have posted
to their Web sites programs that can detect the virus and repair systems that
have been infected.
Warning! Melissa Virus
Microsoft Word and Outlook users
A new Microsoft Word 97 and Microsoft 2000 virus named Melissa was discovered
on Friday, March 26, 1999, and is said to be spreading widely on the Internet.
You can become infected with this virus by downloading and opening an infected
Microsoft Word document attached to an e-mail. The e-mail may look similar to
the sample e-mail provided below, or it may have no subject line at all. You
can also become infected by downloading an infected file inadvertently sent to
you by an infected friend or colleague. Once the downloaded file is opened,
the virus spreads to all Microsoft Word files created or edited on the
infected computer.
Note! This infected e-mail may come from, or look like it came from someone
you know! Be alert for short e-mails that ask you to download an attached
file. And always be cautious in downloading files from people or sources you
do not know.
Once your computer is infected, it will spread the virus in one of two ways.
If you also use Microsoft Outlook, the virus will be automatically e-mailed as
an attached file to the first 50 people in your Outlook address book. Those 50
people will receive an e-mail like the one provided below. Second, you will
inadvertently infect others if you send them infected Microsoft Word files
attached to an e-mail message. Once infected, the virus will make changes to
your Microsoft Word settings that make it easier for it to spread itself.
If you think you may have downloaded this virus, please go to one of the sites
listed below for instructions on how to remove it.
There are no known effects to the AOL software at this time.
** Begin sample e-mail message **
From: (name of infected person)
Subj: Important Message From (name of infected person)
Date: 3/28/99 8:51:41 AM Eastern Standard Time
File: LIST.DOC (or other Word document)
Here is that document you asked for ... don't show anyone else ;-)
** End sample e-mail message **
How to protect yourself from the Melissa virus:
- Install anti-virus software on your computer as soon as possible, if you
haven't already done so. To purchase anti-virus software (Note: downloadable
demonstration versions may not fully protect you against the Melissa virus),
go to the AOL Computer Protection Center at Keyword: <A HREF="aol://1722:virus
Info">Virus Info</A>.
- If you already have anti-virus software, make sure it is up to date. Most
anti-virus companies have posted updates on their web sites that combat the
Melissa virus. Some of those sites are listed below.
- If you use Microsoft Word, there are
<A HREF="aol://4344:2452.macro.26156796.607189184">steps you can take</A>
aol://4344:2452.macro.26156796.607189184
to protect yourself by turning on macro virus detection in your Microsoft Word
application.
For those without AOL, here's what that above site lists on how to protect
yourself:
============================================================
There are two easy steps that you can take to protect your Microsoft Word
software from the Melissa Virus and others like it. We recommend that you
print the directions provided below and use them as a step-by-step guide to
protecting your Microsoft Word software from macro viruses.
Step 1: Add a Password to the Normal.dot File
The Normal.dot file is the basic template that Microsoft Word opens when you
select New from the File menu or click on the New icon. When this file is
infected with a macro virus, every document that you create with the normal
template becomes infected. To keep this template virus-free, protect it with a
password so that only you can make changes to it.
To Password Protect the Normal.dot File:
1. Start the Microsoft Word software.
2. From the Tools menu, select Macro, then Visual Basic Editor.
3. In the window labeled Project, click on Normal.
4. From the Tools menu, select Normal Properties, then click on the Protection
tab.
5. Check the Lock Project for Viewing check box and type in a password twice.
6. Click OK.
7. From the File menu, select Close and Return to Microsoft Word.
8. Exit the Microsoft Word software. The next time you start Microsoft Word,
the normal.dot template will be protected.
Step 2: Set the Appropriate Macro Options in Microsoft Word
A macro is a line of commands that are created to automate some task. For
example, you can create a macro that searches and replaces words and phrases
throughout a document as you create it. Most Microsoft Word documents don't
contain macros. Microsoft Word has preferences that you can set to alert you
when a document that you are opening contains a macro or when the Normal.dot
file is being changed.
To Set Macro Options:
1. Start the Microsoft Word software.
2. From the Tools menu, select Options, then the General tab.
3. Click in the Macro Virus Protection check box.
4. Click in the Confirm conversions at open check box.
5. Click on the Save tab.
6. Click in the Prompt to save Normal template check box.
7. Click OK.
Now, whenever you open a document containing a macro, Microsoft Word will
alert you that the document contains a macro. Never open a file that contains
a macro unless you know what the macro is doing.
=============================================================
For more information on the Melissa virus, how to protect your computer and
how to remove it from your computer, visit these sites:
<A HREF="http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html">
CERT Advisory CA-99-04-Melissa-Macro-Virus</A>
http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
(for a description of the virus, its impact and possible solutions if you
think you are infected)
<A HREF="http://www.ciac.org/ciac/bulletins/j-037.shtml">CIAC: W97M.Melissa
Word Macro Virus</A>
http://www.ciac.org/ciac/bulletins/j-037.shtml
(for instructions on how to protect your Microsoft Word software and analysis
of the problem)
<A HREF="http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp">
AVERT -- Virus Alerts -- W97M/Melissa</A>
http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp
(virus software updates for Network Associate software users)
<A HREF="http://www.symantec.com/avcenter/venc/data/mailissa.html">SARC:
W97M.Mailissa</A>
http://www.symantec.com/avcenter/venc/data/mailissa.html
(virus software updates for Symantec software users)
To find out about the latest online scams and viruses, and to learn more about
features AOL offers to help you have a safe and enjoyable online experience,
return to Keyword: <A HREF="aol://1722:neighborhoodwatch">Neighborhood Watch
</A> regularly
DECLARATION & DISCLAIMER
==========
CTRL is a discussion and informational exchange list. Proselyzting propagandic
screeds are not allowed. Substance�not soapboxing! These are sordid matters
and 'conspiracy theory', with its many half-truths, misdirections and outright
frauds is used politically by different groups with major and minor effects
spread throughout the spectrum of time and thought. That being said, CTRL
gives no endorsement to the validity of posts, and always suggests to readers;
be wary of what you read. CTRL gives no credeence to Holocaust denial and
nazi's need not apply.
Let us please be civil and as always, Caveat Lector.
========================================================================
Archives Available at:
http://home.ease.lsoft.com/archives/CTRL.html
http:[EMAIL PROTECTED]/
========================================================================
To subscribe to Conspiracy Theory Research List[CTRL] send email:
SUBSCRIBE CTRL [to:] [EMAIL PROTECTED]
To UNsubscribe to Conspiracy Theory Research List[CTRL] send email:
SIGNOFF CTRL [to:] [EMAIL PROTECTED]
Om
