9 April 1999

The e-enemy of the future

David Shapshak

She started off her career as homage to a topless dancer, but days later she was on the FBI’s most wanted list. Less than a week after that she’s the world’s fastest replicating, most well-known virus.

Her name is Melissa and she could well be the enemy of the future.

Last week police arrested David Smith – the hacker who created Melissa in honour of her near-naked human counterpart. Smith now faces a fine of $480 000, 40 years in jail (conceivably doing hard labour) and more notoriety than any hacker could have dreamed of. All for an erotic dancer.

The 30-year-old Smith is a classic nerd – pasty-faced, a stranger to daylight. He left his apartment only to go to work as a software programmer.

What he did was write a macro language command – the mini-programming language used to perform small tasks in Microsoft packages – that, once opened in an e-mail attachment by the hapless user, launches an instruction that sends e-mails from an infected user’s account to the first 50 addresses in their personal address book.

The self-replicating virus – which is reactivated each time a user opens the Word attachment – does not damage individual hard drives, but freezes up the Internet through the enormous volume of e-mails it generates.

Melissa broke all the records. Spreading like cyber wildfire, it affected at least 300 companies and 100 000 personal computers.

A day after its emergence, on March 26, the virus provoked the Computer Emergency Response Team to issue a public bulletin, only the second time in the respected virus watchdog’s 10-year history.

Twenty-four hours later, the FBI’s National Infrastructure Protection Centre took an even more unprecedented step: issuing their first ever virus warning. Within days Smith had been tracked through the newsgroup alt.sex, where he originally posted the virus. Investigators had spent three days examining thousands of records at a small Internet service provider until they found the telephone line used to send the first copy of the virus – it was wired into Smith’s New Jersey apartment.

Melissa’s record-setting rampage across cyberspace last week was followed by a badly written copycat virus known as Papa, that sneaked into Microsoft Excel files, and another known as Syndicate. There is an aspect of this virus that has conspiracy theorists salivating with excitement for “joining up the dots”.

Melissa was targeted exclusively at users of Microsoft products in keeping with a wave of anti-Microsoft, anti-Bill Gates fervour among some net-techies. Although it is said to be named after a topless dancer, Melissa is also the name of Gates’s wife.

This seemingly haphazard prank by a computer nerd has revealed how vulnerable the world’s communication infrastructure is to attack. All Smith did was tell Melissa to send an e-mail, and although its short-term effects were relatively benign, it posed a devastating threat to Internet commerce. Furthermore, it is only a hint of what a virus can do.

Malcolm Hutty of British Internet consultants iVision says: “Once you’ve got hostile code on your PC, anything is up for grabs. It could be using your most private data in the most dangerous way. So, rather than simply checking your address book, it could be, say, sending out purchase orders. You have to think what you would like to happen least, and assume it is going to happen.”

If it had been a destructive virus, it could have done “incredible amounts of damage”, says Steve White, senior manager at IBM’s Watson Research Centre in Hawthorne, New York.

Melissa is the best example of a new generation of viruses that are taking advantage of the complexity of the latest computer operating systems to spread software devices that propagate themselves, hunt down information of interest and send it wherever they want via the Net.

These are more accurately known as worms, says Judd Harcombe, the information systems executive for the Email Corporation.

Another virus that made its way into Word documents was the Caligula virus, which could even penetrate PGP (pretty good privacy), the most commonly used personal cryptography program. It copied for its perpetrator, via the Internet, a sensitive file at the heart of the program, a user’s “keyring” file. This file is itself encrypted, but the technique highlights software’s vulnerability.

More recently, a virus called Picture.exe was targeted at users of America Online. It stole user names and passwords, and mailed them to a destination in China.

Another virus, Happy99.exe, appears as a greetings card, displaying fireworks. Once installed, it copies e-mail logs from the user and mails itself out with every new e-mail.

Five months ago, the Russian government proposed to the United Nations that there should be a new international agreement to ban the development and use of “particularly dangerous information weapons”, and also to establish an agreement to deal with information terrorism and cyber crime.

But the plan met with opposition from the US and British governments – who might well be regretting this after a “cyber-assault” on Nato’s computers that coincided with the air-strikes against the former Yugoslavia.

It could have been the script of a science fiction novel. The West goes to war with a small East European country and suddenly the attacking military power finds itself under bombardment, from the cyber-front.

The Nato computers were seemingly being independently attacked by Yugoslav hackers.

The attacks were threefold: viruses, “mail bombs” or e-mail messages with large files attached sent to the organisation’s website, which posted press releases and information on the bombing campaign. The Belgrade-based hackers also “pinged” Nato computers – requiring them to respond to the onslaught of messages.

Much of the hype surrounding viruses is a result of the endless chain letter-like virus hoaxes that do the e-mail rounds. These messages warn of catching a particular virus from an e-mail message.

However, viruses can’t be transmitted through an ordinary e-mail message. They are commonly found in macros, in documents attached to e-mails or transmitted in an executable file that needs to be opened or launched before it takes effect.

Additional reporting by The Guardian