- (IDG) -- Network Associates has discovered
an e-mail virus similar to the Melissa virus that company officials said
they believe is even more dangerous than its predecessor.
-
- Dubbed Papa, the new virus is an Excel
virus that sends itself in the same manner as Melissa, but sends itself
to the first 60 people in a user's address book compared to 50 with Melissa.
In addition, Papa sends an e-mail out every time the virus is activated.
Melissa only sends the message the first time it is opened.
-
- This time the subject line claims the
message is from "all.net and Fred Cohen." The body of the e-mail,
which contains an attached document titled "path.xls," then instructs
the user not to disable the macros, which is how the virus is activated.
-
- According to Sal Viveros, group marketing
manager for total virus defense at Network Associates, the most disruptive
aspect of Papa is the fact that it "pings" an as-yet-undetermined
external site to make sure there is an available Internet connection. The
practice of pinging is not unusual, but Papa pings so many times that it
brings the network down.
-
- The biggest concern from a corporate
security standpoint is that any document infected with the virus and then
e-mailed to another party is distributed in the same way the Melissa virus
is, leaving companies vulnerable to having confidential documents distributed
unknowingly.
-
- Viveros believes Papa was written by
a different person than the author of Melissa, but that it uses the original
virus as a road map. This practice of using similar mechanisms to deliver
more destructive payloads is not unusual, noted Viveros, which could mean
a string of such similar viruses could be on the way. Variants, however,
should be less disruptive because virus-detection vendors know what they
are looking for. Network Associates expects to post software for detection
and cleaning of the Papa virus by Monday afternoon.
-
- The Melissa virus first sprang up in
countless e-mail inboxes around the world on Friday, replicating itself
to end-user address books and sending an exhaustive list of pornographic
Web sites to everyone therein.
-
- According to Viveros, Melissa is the
widest spreading virus he has ever seen, hitting approximately 80 percent
of Network Associates' major customers, which amounts to almost 100 companies.
A significant number of those were forced to take their e-mail systems
down.
-
- The Melissa virus hampered -- and in
some cases entirely shut down -- e-mail systems for companies the world
over. Microsoft, for example, put a halt to all outgoing e-mails throughout
the company on Friday to guard against spreading the virus.
-
- At risk are Microsoft Exchange Servers
running Microsoft Outlook. With an ever-changing subject heading of "Important
Message From [end-user name]," the attachment to the e-mail is a document
entitled "list.doc" with a body of text stating, "Here is
that document you asked for ... don't show anyone else ;-)."
-
- Upon opening the attachment, Microsoft
Word 97 will ask if you want to disable the macros, to which you should
reply yes, or the e-mail will automatically be sent to the first fifty
names on each company mailing list.
-
- "If you don't disable the macros,
the virus resends itself to everyone in [your] address list," said
John Berard, a spokesman for Fleishman Hillard, which was infected by the
virus and inadvertently spread it around.
-
- In addition, the virus automatically
changes the security settings of an infected system to the lowest possible
setting, a slick move that has IT managers wondering if they will have
to manually reset every infected PC in their enterprise.
-
- Dan Schrader, director of product marketing
at anti-virus software maker Trend Micro, said the virus is easy to detect
and not destructive in nature. But it can cause serious bandwidth constraints
and contains several quirky characteristics.
-
- One of those is a hidden message from
the popular TV series "The Simpsons" that is inserted into any
open documents whenever the date and the time - 2:29 on the 29th for instance
- match.
-
- A fix for the Melissa virus is now available
from most major anti-virus software vendors.
-
- Michael Lattig (michael_lattig@infoworld.com)
is an InfoWorld reporter. Dan Briody <mailto:dan_briody@infoworld.com(dan_briody@infoworld.com)is
InfoWorld's Client/Server editor.
|