[Infowarrior] - Melissa virus turns 10

Richard Forno rforno at infowarrior.org
Sat Mar 28 14:43:01 UTC 2009


  March 28, 2009 6:00 AM PDT
Melissa virus turns 10
by Elinor Mills

http://news.cnet.com/8301-1009_3-10206275-83.html?part=rss&subj=news&tag=2547-1_3-0-20

A decade ago there was no Facebook, no iPhone, and no Conficker. There  
was dial-up and AOL and a nasty virus called Melissa that ended up  
being the fastest spreading virus at the time.

CNET News talked to Dmitry Graznov, a senior research architect at  
McAfee Avert Labs who was among the researchers who worked to fight  
the Melissa outbreak and track down the creator.

Q: How was Melissa discovered?
Graznov: Avert as a whole discovered it as did some of the  
competitors. It was submitted to us by customers as it started to  
spread around the world (on March 26, 1999).

What made Melissa different from previous viruses?
Graznov: It was the first mass-mailing virus, which used e-mail to  
spread on a large scale.

What harm did the virus do?
Graznov: In some cases the load on the e-mail servers in some  
organizations was so high that the servers were effectively shut down.

How many computers were affected and what did the virus do?
Graznov: Hundreds of thousands of computers were affected. That's a  
guess...Melissa infected other documents a user opened in Microsoft  
Word. It also connected to Outlook if it was running and selected 50  
entries in the address book and e-mailed an infected document to those  
addresses...including mailing lists...As a result, the virus was sent  
not just to 50 people, but to thousands of people easily. We didn't  
have any firm numbers to go by, but we did have reports from customers  
saying their Exchange servers were overwhelmed.

How long did the outbreak last?
Graznov: Several days, but the infections continued to be registered  
for a long time after that. It was just a macro virus and we were well  
equipped to provide detection and removal for people's computers even  
then...The fact that it was so widespread in the world already meant  
it took a long time to remove the infections.

Security researcher Dmitry Graznov as he looked in 1999 when he was  
chasing down the creator of the Melissa virus for McAfee Avert Labs.
(Credit: Dmitry Graznov)

How did the virus writer get caught?
Graznov: I was running, actually still am, a project called Usenet  
Virus Patrol, which scans Usenet articles for viruses. The author of  
Melissa posted the virus to a newsgroup called "alt.sex." It was  
zipped up and sent as if it was a list of passwords to like
80-something different porno sites...It was just bait to entice people
into downloading it and opening it. Once it was opened, it started
e-mailing itself around. It was relatively easy to go back and find the
exact Usenet posting that started all this. In the header of the  
posting it was possible to find out not only the e-mail address from  
which it was sent but also the IP address of the computer from which  
it was sent. That IP was linked to an AOL account and from that the  
FBI subpoenaed AOL and they provided the dial-in logs...and found out  
what computer was assigned that IP address and from what telephone  
number the call was made. The AOL account was a compromised one...The  
phone call that used that account came from New Jersey and the FBI  
linked the phone number to a particular address. That is how they  
found the guy's computer...The data we provided them was the clue that  
led straight to the criminal. (David L. Smith pleaded guilty and was  
sentenced to 20 months in prison and $5,000 in fines.)

What was the motivation behind Melissa?
Graznov: There was no material gain. Back then, people didn't do it  
for money. They did it for mischief, for fame...Today there is huge  
money in computer crime...Back then, we had 200 times fewer pieces of  
malware than we have today.

Any comments on Conficker and Melissa and how far we've come?
Graznov: Conficker is a completely different type of thing. It's not a  
macro virus. It's an executable and a botnet, and it downloads lots of  
stuff on your computer. It's basically a network for sale. It can be  
rented out. It can be used for password stealing. Back in 1999 there  
wasn't such a thing as a business model for malware...Today, big money  
is involved in computer malware. You cannot even compare them.


Elinor Mills covers Internet security and privacy. She joined CNET  
News in 2005 after working as a foreign correspondent for Reuters in  
Portugal and writing for The Industry Standard, the IDG News Service,  
and the Associated Press.


