[109510] in Cypherpunks
A-M$: Massive e-mail virus outbreak spreads like wildfire (InfoWorld)
daemon@ATHENA.MIT.EDU (Mahou Shoujo Pixy Misa)
Sat Mar 27 13:27:25 1999
Date: Sat, 27 Mar 1999 20:10:55 +0200 (EET)
From: Mahou Shoujo Pixy Misa <waste@zor.hut.fi>
To: cypherpunks@toad.com
Reply-To: Mahou Shoujo Pixy Misa <waste@zor.hut.fi>
Hey, could someone make a version what would scan the computer
for documents with keywords like 'secret' or 'confidential' and
e-mail them for the world?
http://www.infoworld.com/cgi-bin/displayStory.pl?990326.wcvirus.htm
=20
Massive e-mail virus outbreak spreads like wildfire=20
By Dan Briody
InfoWorld Electric
=20
Posted at 4:43 PM PT, Mar 26, 1999=20
A crippling and embarrassing virus has spent the day marauding
countless e-mail inboxes around the world, replicating itself to
end-user address books and sending an exhaustive list of pornographic
Web sites to everyone therein.
=20
Dubbed the "Melissa" virus, the culprit has hampered -- and in some
cases entirely shut down -- e-mail systems for companies the world
over. For example, Microsoft has put a halt to all outgoing e-mails
throughout the company.
=20
"Some users at Microsoft received an e-mail that contained a Word
document that has attached to it a macro virus," said Andrew Dixon,
group product manager for Office at Microsoft. "If that document is
opened and the macro virus is allowed to run, it is possible [for the
virus] to send e-mail to a number of other users."
=20
Dixon said that Friday afternoon, Microsoft "temporarily turned off
outgoing e-mail" company-wide to guard against spreading the virus.
Dixon said he did not know how many Microsoft employees received the
marco virus, or how many may have triggered it
=20
At risk are Microsoft Exchange Servers running Microsoft Outlook. With
an ever-changing subject heading of "Important Message From [end-user
name], the attachment to the e-mail is a document entitled "list.doc"
with a body of text reading "Here is that document you asked for ...
don't show anyone else ;-)."
=20
Upon opening the attachment, Microsoft Word 97 will ask if you want to
disable the macros, to which you should reply yes, or the e-mail will
automatically be sent to the first fifty names on each company mailing
list.
=20
"If you don't disable the macros, the virus resends itself to everyone
in [your] address list," said John Berard, a spokesman for Fleishman
Hillard, which was infected by the virus and inadvertently spread it
around. "We've been shut down and working on the problem all day. It's
hard working without the effective use of e-mail. But this thing did
not originate with us."
=20
In addition, the virus automatically changes the security settings of
an infected system to the lowest possible setting, a slick move that
has IT managers wondering if they will have to manually reset every
infected PC in their enterprise.
=20
Fleishman Hillard immediately shut down its systems when it discovered
the virus and contacted federal authorities. Fleishman Hillard has
more than 1,500 employees worldwide.
=20
Meanwhile, the list of companies affected is growing exponentially. An
Intel spokesperson reported that the chip-giant had been "touched" by
the virus and is working on correcting the problem. "It's all over,"
he said.
=20
Tom Moske, network manager for USWeb CKS, said the virus has made for
a very long day. "It's going to propagate like crazy. It's gone to all
of our client and personal addresses. We are kind of laughing,
although it is pretty bad. This is a good one."
=20
A fix for the virus has been posted on the Trend Micro Web site. All
major antivirus companies are expected to follow suit by Monday.
Symantec is on a company-wide holiday today.
=20
Dan Schrader, director of product marketing at Trend Micro recommends
that IT managers do not panic upon learning of the insidious virus,
but shut down the e-mail system and go to Trend Micro's Web site at
housecall.antivirus.com/smex_housecall for further instructions.
=20
Though Schrader could not say how many companies had been affected, he
did say the his company was "getting swamped with calls and hits on
the Web site. Obviously it spreads very rapidly."
=20
Schrader said the virus is easy to detect and not destructive in
nature. But it can cause serious bandwidth constraints and contains
several quirky characteristics.
=20
According to Trend Micro officials, the virus has a hidden message
that is time triggered to reveal a quote from the popular TV series
"The Simpsons."
=20
Dan Briody is the client/server section editor at InfoWorld. Bob
Trott, Stannie Holt, and Michael Lattig contributed to this report.
=20
Go to the Week's Top News Stories
=20
=20
Please direct your comments to InfoWorld Deputy News Editor, Carolyn
April
=20
Copyright =A9 1999 InfoWorld Media Group Inc.=20
=20
InfoWorld Electric is a member of IDG.net
=20
[idgnet_bluenet_31x49.gif]=20
=20
| SiteMap | Search | PageOne | Reader/Ad Services |
| Enterprise Careers | Opinions | Test Center | Features |
| Forums | Interviews | InfoWorld Print | InfoQuote |
=20
[cs;sz=3D125x125;tile=3D1;ord=3D922556303]=20
[cs;sz=3D125x125;tile=3D2;ord=3D922556303]=20
[cs;sz=3D125x125;tile=3D3;ord=3D922556303]=20
[cs;sz=3D125x125;tile=3D4;ord=3D922556303]=20
=3D=3D "Anti-M$ Mailing List", another fine service of Enemy.ORG / VBS =
=3D=3D
=3D=3D [un]subscribe requests to Majordomo@Enemy.ORG or Anti_ms-owner@Enemy=
=2EORG =3D=3D
