By MATT RICHTEL
SAN FRANCISCO -- A rapidly spreading computer virus
forced several large corporations to shut down their e-mail servers on
Friday night as it rode the Internet on a global rampage, several
leading network security companies reported Saturday.
Network security experts said that the virus appeared to do no harm to
the machines it infected and that individuals could easily disable it.
But they said its purpose is to interrupt networks by replicating itself
so rapidly that it overwhelms networks and e mail servers, the
electronic post offices that direct message traffic.
E-mail infected with the virus, which its creators call
Melissa, has a topic line that begins, "Important Message From." Next
is the sender's name, which is often the name of a friend, fellow worker
or someone else known to the recipient.
The message within the e-mail is short and innocuous: "Here is that
document you asked for ... don't show anyone else ;-)" Attached to it
is a 40,000-byte, or 40K, Microsoft Word document named list.doc.
When the recipient opens list.doc, the Melissa virus automatically
searches for an e mail address book. It then sends a copy of itself --
the message and attachment -- from the recipient to the first 50 names
it finds in the recipient's address book, which accounts for the rapid
acceleration across the Internet.
The virus is known to spread rapidly with two popular e-mail programs,
Microsoft Outlook and a slimmed-down version of the same program,
Microsoft Outlook Express, which is part of the Windows 98 operating
system and is often installed with Windows 95.
Network security administrators said they had seen no evidence that
Melissa was able to open and use the address books in other e-mail
programs, but they did not rule out the possibility that it could and
would do so.
Several anti-virus software makers posted software on their Web sites
that their customers can download to detect the virus-encoded message
and refuse it.
A fix for the general public was available on http://www.sendmail.com,
the Web site of Sendmail, the Emeryville company whose post-office
software is often used to direct mail on the Internet.
Individuals can avoid contracting or spreading the virus simply by not
opening the
attachment that accompanies the e-mail. Opening the message alone will
not cause the virus to copy the address list and send itself out.
Alternatively, users can disarm the virus by disabling the type of
program that contains it -- "macros," which are small applications used
to automate tasks in Microsoft Word
documents. Disabling macros in Microsoft Word will render the virus
ineffective.
Related sites:
CERT Coordination Center, Carnegie Mellon University: Melissa Macro
Virus
http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
Network Associates: Melissa Virus Alert
http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp
McAfee Online : Melissa Virus Profile
http://vil.mcafee.com/vil/vm10120.asp
Trend Micro: Melissa Virus Alert
http://www.antivirus.com/vinfo/security/sa032699.htm
The Morris Internet Worm: Background
http://www1.minn.net/~darbyt/worm/worm.html