Printer Friendly

Looking beyond the Melissa virus.

The computer virus that struck in late March exposed serious weaknesses in the security of many computer systems. Nicknamed Melissa, this rogue program acted like an automated chain letter, overwhelming electronic-mail service in more than 300 organizations, including government agencies, military bases, and large businesses. What made this particular virus stand out was the extraordinary speed with which it spread throughout the world.

"The Melissa virus represents a new level of sophistication in the progression of computer viruses," says Richard Pethia of Carnegie Mellon University's Software Engineering Institute in Pittsburgh. Pethia was one of several computer security experts who testified at a congressional hearing last month on ways to protect information technology from emerging threats.

The Melissa virus exploited a well-known vulnerability of small computer programs called macros. Word processing software often attaches macros to documents in a way invisible to the typical user. The Melissa virus, posing as a macro, was hidden in a Microsoft Word document, which was distributed by E-mail. Opening the document activated the virus, which would then look for an organizer program called Microsoft Outlook. The virus would mail itself to the first 50 addresses listed in the organizer's E-mail directory.

Because Word and Outlook are widely used, often without sufficient security precautions, the virus spread rapidly. It merely perpetuated itself and forced the suspension of E-mail service at sites that it inundated. A virus designed to destroy data, however, could use the same security loophole to wreak much more havoc.

One encouraging aspect of the Melissa episode was the quick response by several virus-monitoring organizations, which collected information and provided timely, well-publicized warnings. Within a few days, new infections slowed to a trickle.

Response times measured in hours and days, however, may not be fast enough in the future. "Future mutations ... could easily be much harder to detect, spread even more quickly, and cause significantly more damage," Pethia contends.

Experts estimate that about 30,000 viruses are now in circulation, with 300 new ones created each month. "Users should be sure that their computers are running the most up-to-date virus protection software," warns Michael A. Vatis, director of the Federal Bureau of Investigation's National Infrastructure Protection Center in Washington, D.C.

"The long-term solutions to the problems represented by Melissa will require fundamental changes to the way technology is developed, packaged, and used," Pethia concludes. "It is critical that [computer] system operators and product developers recognize that their systems and products are now operating in hostile environments."
COPYRIGHT 1999 Science Service, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1999, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Mar 1999 computer virus
Publication:Science News
Article Type:Brief Article
Date:May 8, 1999
Previous Article:Portrait of the artery as a motivator.
Next Article:Developing digital fluency.

Related Articles
Facts and fables about computer viruses.
Beyond Virtual Vaccinations.
"Love bug" lessons.
Sophos Anti-Virus six month summary.
Bugged by viruses?
Nothing to fear from Mellssa-X, says Sophos. (Security Supplement).
Virus Prevalence Survey 2001: ICSA Labs. (Security).
Melissa worm author convicted. (Security).
How computer viruses work.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters