About Plesman
 
Contact Us
  

Monday, August 13, 2001
 
Computing Canada, November 5, 1999, Vol. 25. No. 42  
 
Melissa variants still roam wild, despite screens

11/5/99 - Observers say outbreak risks far lower this time, thanks to improvements in education, procedures

by Elynn Wareham
 
 

Two new versions of the infamous, self-replicating Melissa virus are circulating on the Internet, but experts claim that although the variants have the potential to cause the same kind of damage as the original, the risk of infection is not as high.

Like the original Melissa virus, which caused havoc earlier this year by clogging corporate e-mail servers, the variants use Microsoft Word and Outlook software to spread themselves to users on the computer's e-mail address list.

Both W97M.Melissa.U. and W97M.Melissa.U(Gen1) attempt to delete some system files, insert text into documents and e-mail the infected file to the first four entries in the user's Microsoft Outlook address book.

Although it is difficult to say how widespread these viruses are, there have definitely been reports from Canadian firms, says Shirley Joly, security consultant with Sensible Security Solutions Inc.

According to Chris Monnette, Canadian general manager with Symantec Corp., although there have been a few reported cases of the viruses, there has been no outbreak like the previous version of Melissa.

Fortunately for corporations, the variants work in the same way as the original Melissa virus did, and users are more aware of the potential dangers associated with viruses because of their past experiences.

They now know what they are looking for and what to do when the virus hits, he says, adding that this has affected the number of reported infections.

"I think what Melissa did was teach a lot of people that there will be new threats and that they are always going to be there."

Organizations are now concerned more with how quickly new protection can be distributed than with how to identify them, he says.

However, the longer it takes corporations to supply the fix to their users, the more threatening the virus becomes, he says.

Monnette says the first thing organizations can do to protect their systems from being infected is to make sure their virus protection products are equipped with the latest updates as software developers make them available.

The second precautionary measure is to communicate clearly to corporate users that being skeptical of attachments and things that come to the user by e-mail is extremely important, he says, adding that most corporate virus attacks are caused by failure to enforce user policies.

According to Monnette, the last few reported viruses seem to indicate that virus writers are now trying to attack enterprise as a whole, as opposed to the individual computer.

Not only do these viruses have the ability to spread rapidly across an organization, the can also distribute confidential information quickly and easily either internally or externally.

"Up until (Melissa), protection was a 'should have' or a 'nice to have.' Today it is very much a 'must have,'" says Monnette.

The problem with most security checks is inconvenience, says Stephen Ibaraki, senior faculty member with Capilano College in North Vancouver.

Ibaraki says he now requests that his colleagues attach a security code within any document or e-mail attachment that they send.

"If I see the security code then I know it is a legitimate attachment. If I don't see it, then I know it is not a legitimate attachment," he says, adding that he also uses confirmation e-mail messages before opening any executable or compressed files.

Ibaraki says a common agreement between a group of colleagues who communicate through e-mail is simple and it doesn't require a lot of work.



Go to the top.