http://www.newscientist.com/cgi-bin/pageserver.cgi?/ns/19990410/newsstory1.html Melissa's mayhem Kurt Kleiner and Matt Walker A NEW CHAPTER in the history of computer viruses has opened. For the first time, a rogue program has taken full advantage of the Internet to infect tens of thousands of computers worldwide in just a few days. [First time? Morris' worm, ADM Worm .. two examples of this previous to Melissa. There were also other popular viruses that easily hit 10,000 machines.] The virus, called Melissa, has already spawned several "copycat" programs. Some experts fear that conventional countermeasures won't be able to blunt the threat posed by this new breed. "I would not be surprised if in a couple of months they figure out how to make a virus that propagates not in days, but in hours," says Steve White of IBM's Thomas J. Watson Research Center in Hawthorne, New York. [So this 'expert' on viruses thinks there are no viruses that propogate in hours?!] Melissa is a "macro" virus. These cause a disproportionate amount of havoc (see Figure) and exist as small programs, called macros, that can be added to documents created by software such as Word, Microsoft's word-processing package. As more than 100 000 computer users have already found to their cost, Melissa arrives by e-mail hidden within a Word file that contains a list of pornographic websites. If the recipient opens the document without disabling the macro function, the virus alters Word's security settings so that warnings about disabling macros won't be displayed in future--a trick that renders the user vulnerable to further attacks. Melissa then looks for Microsoft's Outlook organiser program and sends copies of itself to the first 50 contacts in the Outlook e-mail address book. At various times, it deposits a quote from The Simpsons TV show into Word documents. Macro viruses that propagate by e-mail have been seen before (This Week, 26 April 1997, p 7). But Melissa is the first to use a popular e-mail program to spread like wildfire. In doing so last week, it clogged major e-mail gateways. Systems hit by the virus reportedly included NATO computers involved in the war against Yugoslavia. A New Jersey man, David Smith, has already been charged with releasing Melissa. But hard on its heels has come a virus called Papa, which lurks in a Microsoft Excel spreadsheet file. It works in much the same way, except it also repeatedly tries to contact certain Internet addresses, effectively disabling the user's Net connection. According to Nick FitzGerald, an antivirus consultant based in Abingdon, Oxfordshire, there are two further copycats--Marauder and Syndicate. Companies specialising in antivirus programs have written software patches that disable Melissa and Papa, and made them available on their websites for downloading. But White and his colleagues at IBM argue that this approach is too slow to deal with fast-reproducing viruses. IBM has pioneered the Digital Immune System, which it hopes to release in about a year. This will connect customers over the Net with a central computer. When a customer's computer detects an anomaly that might be a new virus, it will automatically ship the code to the central computer, which will figure out a way to detect it, then send the information to everyone on the network (see "The Internet strikes back", New Scientist, 24 May 1997, p 35). [This is a privacy concern and a half. Your computer will now begin to send arbitrary documents to IBM, possibly withuot censoring content, and possibly without your knowledge.] Some antivirus experts remain sceptical about the Digital Immune System's chances of success. But if it does work as advertised, it should be more than a match for Melissa and its imitators. "Melissa and Papa are exactly the kind of things that would play to the immune system's strengths," says FitzGerald. "It could detect and deal with fast-spreading network threats in real time." >From New Scientist, 10 April 1999