April 5, 1999 -- Newsletter #22
Application Security Testing: An Integral Part of DevOps
April 5, 1999 -- Newsletter #22
Please visit http://www.htmlgoodies.com!
Greetings, Weekend Silicon Warriors...
Wow! What a response to the last Goodies To Go! My e-mail box filled up with lots of encouragement for my continued use of banner ads to keep the HTML Goodies site free. Thank you! I love getting positive e-mail. Some of you even said you hoped I would get rich. Hey, me too, but it doesn't seem to be happening any time soon....
On to the topic of Newsletter 22. Please remember, this letter was written last Wednesday....
I got one! I got one! I got one! I actually got a Melissa virus in my e-mail! It didn't do any harm, though. I answer all of my e-mail right off the server using Pine: I couldn't open an attachment if I wanted to. I do it on purpose, of course. I know it's low-tech, but I'm bug free.
Now the burning question...
Melissa? Hah? This is the name of a virus? Melissa? Who is this named after? Melissa Ethridge? Melissa Gilbert? Melissa Manchester? That song by the Allman Brothers? The author of the virus?
Okay, next question. Who did this? I'll bet the answer is completely innocuous, rather than a Uni-Bomber manifesto attack. I personally think it's a present. I know we'd all like to think this is some grand conspiracy, but I'll bet it's little more than some 15- to 20-year old who is attempting to impress a current love interest. He can claim that her name is now out there for the world to see.
Now there's something out there following in Melissa's footsteps called "papa" and I'm hearing that Melissa has been mutated and is no longer sending out equal subject lines; now it's sending out blank subject lines.
Depending on your point of view, this is either very bad, or great theater.
All Tuesday morning I received call after call from my students who were positive that they had contracted the Melissa virus. Well, I assured them that since Melissa didn't destroy data or break memory chips -- and they never opened an attachment -- ten bucks said they didn't have it.
You see, Melissa is not a virus, per se. A good tech friend of mine explained to me that Melissa is what he termed a "worm." It doesn't harm the computer it infects. In fact, it doesn't really harm the mail server it shuts down. Think of it this way: you take three rolls of toilet paper, bunch up all the paper, and put it in the bowl. Then flush. That clogging effect is what Melissa does.
Here's what happens: You receive an e-mail that has an attachment, usually an operating system specific file, like WORD or EXCEL. The subject line is written to be friendly and get your attention. Melissa, and Happy99 which works much the same way, actually use the name of a person you know because of how it was sent. More on that in a moment.
When you open the e-mail, you get a cute nondescript message asking you to open the attached file. This is common. Viruses have to be opened, or run, to be enacted. Just opening the e-mail alone won't do it. You have to click to fire it up. There was a short time a while back where screen savers were sent around containing viruses. The big one showed you a small fireworks show and then ate up your hard drive.
That kind of attachment is sometimes referred to as a Trojan Horse virus. It sits on your computer and looks completely harmless until you click. Then all heck breaks loose. But you don't always have to click. Some Trojan Horse viruses have time triggers: There's a virus that sits on your computer dead as a doornail until March 6th, then it explodes (it's called the Michelangelo virus because March 6th is Michelangelo's birthday). It did a lot of damage in Australia a few years back.
But, I'm getting ahead of myself here. Back to Melissa. Once you click on the file, WORD opens and attempts to run the file, but first you get a warning message telling you that the document contains a series of macros and asks if you want to continue running the program. If you say "no" you're still safe. Say "yes" and you've infected 50 other people.
You see, a "macro" is a small part of a program that helps you do repetitive tasks. In the case of Melissa, it does a repetitive task, all right. It takes the first 50 names from your Microsoft address book and sends them the same message you got using your name in the subject line. That way it looks to the person receiving the mail as if you sent them a nice friendly letter. It's terrible and clever all at the same time.
But again, Melissa is not a virus. It's a worm. The mail servers at Microsoft, Lucent, the U.S. Army, and a few companies in Canada were shut down not because of any destruction, but because during the morning rush to read e-mail, 1000 people clicked on the file which produced 50,000 e-mails all at the same time. Poof! Lot's of paper in the toilet. Crash.
In case you're wondering what is actually contained in the WORD document that Melissa sends out, I was told by a poor, unwilling participant that it was a list of like 80 Adult sites. Plus, if you opened the file at the same time as the date (i.e., you open the file at 3:29 on 3/29) the WORD program writes a line from the first episode of the Simpsons to the document. It's something about Bart winning at Scrabble. I never thought that episode was very funny. Now, the Side Show Bob episodes, I love them!
So what can you do to protect yourself?
It's ridiculously easy, actually. Know this first: no e-mail text can enter a virus into your system. E-mail is just that, e-mail. The virus is always contained in an attachment and that attachment is like a vampire. You have to "invite it in." If you get an attachment -- even from a friend -- do not open it. Call the friend and ask if this is true. Once you get the OK, then you can go ahead.
Make sure your e-mail program is not set to automatically download and run attachments. That would be bad.
Finally, install a virus program on your computer. And buy one. This is not a time to go the freeware route and cut a financial corner.
It used to be that you could basically take these virus warnings with a grain of salt. Most of them are false alarms. Remember the Good Times virus? The letter that was sent out warning you of a virus was a hoax. It was little more than a chain letter meant to scare you. There was another sent out not too long ago that was supposedly from Bill Gates saying that if you sent the letter to 1000 people you would receive some free software. A lot of people believed the Budweiser Frogs screen saver contained a virus, but it didn't.
Until lately, computer viruses were mostly Urban Myths, but not any more. Now they're an actual threat and you should be careful.
Finally -- why do this?
I'm not a psychologist, but I'll bet the answer has a lot to do with impressing a group of people. I know in my little clique of computer friends, we each get to wear the king's crown every time we come up with something new.
I'll bet this person is now a hero to a group of about 10 people. He or she will get caught. Maybe a little fine or some suspended jail time will be enacted, but for the most part, the virus creator got what he or she wanted: the attention of friends. I doubt this is an attack. It just isn't harmful enough. This isn't personal.
Goodness help us if someone ever does go the personal route and really knows what they're doing. Melissa showed that we Web-heads are all pretty faithful people. What would have happened at Microsoft had Melissa been something that erased or altered data? I hate to think of it.
These viruses will be around for as long as someone wants to cause havoc or impress someone else. It's human nature. Hopefully the viruses and those that make them will stay on the side of borderline funny, but I fear they might not. I think Melissa was a glimpse into what people could actually do if they ever did get personal with a business, the government, or a hospital. What then?
Hopefully we'll never need to find out.
And I've rambled for the 22nd time. That's that. Thanks for reading.
Joe Burns, Ph.D.
And Remember: April 15th is just around the corner. My accountant (who is sitting here doing my taxes) informs me that the first tax return form, from 1913, was less than one page long. He also informs me that April 15 is only one month removed from the Ides of March.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...