[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Experts at Carnegie Mellon computer virus



PureBytes Links

Trading Reference Links

fwiw, ... melissa is a run of the mill variant on a
familar old Microsoft office "macro virus." It's nothing
more than an attached script in a word document that causes MS Office to do
what it was designed to do with the exception that the email goes to the
first fifty folks on your Outlook address book mailing list instead of to
Microsoft.

Melissa consists of a document. When the document is opened ONLY in
Microsoft Word or in Outlook 98, the macro will run, suck out 50 names from
the Outlook address book and mail itself to those 50 people. By setting
Word or Outlook so as to not run macros on document open, or by making the
MS Office NORMAL.DOT file read only, the macro virus is stopped.

Since it's a run of the mill macro virus, the antivirus vendors have all
added the document name to their respective programs already. Because it is
not an executable, it isn't a trojan and because of the convoluted way MS
Office is designed, there's no program that could "see" it as a process
since the document causes Microsoft Office itself to carry out the
dastardly deed ... bad design on Microsoft's part and a complete lack of
security. But since this doesn't reach out into the operating system (MS
Office is actually the trojan horse, I'm not kidding) there's no process to
stop.

melissa really isn't a 'trojan' either.  it is however just another example
of why some hard core computing folks don't allow Microsoft Office, Word or
any other MS products in their shop. Why a word processor would be designed
to create a document that can post itself to the internet is beyond my
comprehension.

The Gatecrasher trojan (which can also propagate through Word) is an
actual executable and therefore can be intercepted and stopped. mellissa
however has the actual functionality built into the document that's
circulating rather than carrying a separate program like Gatecrasher does.



-----Original Message-----
From: Alexander Levitin <alevitin@xxxxxxxx>
To: omega list <omega-list@xxxxxxxxxx>
Date: Sunday, March 28, 1999 3:31 PM
Subject: Experts at Carnegie Mellon University warn of new computer virus


:Experts at Carnegie Mellon University warn of new computer virus
:
:March 27, 1999 Web posted at: 4:58 PM EST (2158 GMT)
:
:PITTSBURGH (AP) -- A new computer virus can allow documents to be
:e-mailed to other people without warning, a potential security breach
:that should worry businesses and governments, an expert at Carnegie
:Mellon University said Saturday.
:
:The "Melissa macro" or W97M_Melissa virus spreads via infected e-mail
:and attacks computers loaded with Microsoft's widely used Word 97 or
:Word 2000 programs, according to CERT -- or Computer Emergency Response
:Team -- Carnegie Mellon's Department of Defense-funded computer security
:team.
:
:CERT first heard of the virus Friday afternoon and its members worked
:through the night to analyze the virus and develop a fix, CERT manager
:Katherine Fithen said.
:
:"We're getting so many reports from across the world., that we know this
:is going to be a huge problem come Monday," Fithen said.
:
:She noted that since CERT was founded 10 years ago, this is only the
:second time it has considered a virus important enough to warrant a
:public announcement. The first, in 1994, warned of a virus that allowed
:computer burglars to collect passwords.
:
:CERT has not determined where the Melissa virus originated.
:
:Fithen said she is not allowed to say whether any governmental agency
:has suffered a security breach as the result of Melissa.
:
:If a computer user opens an infected Word-format document, the virus
:propagates itself by reading the user's e-mail address book and sending
:an infected message to the first 50 entries, CERT said.
:
:The message can include the contents of any Word document that is open
:on the computer, Fithen said.
:
:Also, the virus reproduces and sends so much unwanted e-mail that the
:volume can overload some mail servers, the computers that distribute
:e-mail.
:
:However, it apparently causes no direct damage to a computer's memory or
:programs.
:
:Infected documents are sent as attachments to e-mails most frequently
:bearing a header: "Subject: Important Message From" the name of person
:whose computer relayed the virus. The body of the message says "Here is
:that document you asked for ... don't show it to anyone else ;-)."
:                  ___
:
:EDITOR'S NOTE: CERT information about the Melissa virus is
:available                 on the Web at
:http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html.
:Microsoft has a patch available at
:http://www.microsoft.com/security/bulletins/ms99-002.asp.
:
: