Watch out: you've got evil mail

The next time you log on may be your last: thrill-seeking virus creators are at work again.

Charles Arthur
Tuesday 30 March 1999 17:02 EST
Comments

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

MONDAY MORNING was not pleasant for Jennifer Mehlow. "I came in and I had 213 nasty e-mails attacking me," she said. On the previous Friday, she had received an internal e-mail that appeared to come from one of her work colleagues at the PR company Fleishman-Hillard in Austin, Texas. But on opening the attached document, she found a list of hundreds of porn sites on the Web.

Like any well-trained corporate American, she reported the incident to her computer systems manager: clearly, the colleague was guilty of sexual harassment and porn viewing at work. However, the real damage had already been done. Ms Mehlow was just one of thousands of victims of the Melissa computer virus: while she was gasping in outrage at the porn list, a program embedded in it - called a "macro" - was raiding her electronic address book and forwarding the same document to the first 50 names there, many of them technology reporters. They were the source of the angry e-mails, not the colleague.

No surprise that she got rude replies. Anyone who received the e-mail and opened the attached message could inadvertently spread the virus. Thus hundreds of companies and organisations including financial institutions, military bases and even (to his embarrassment) the governor of North Dakota, were hit.

Since Melissa can spread only by exploiting the flaws in the newer versions of Microsoft's Word and Outlook Express e-mail programs, the schadenfreude among the unaffected was heightened by the news that Microsoft itself was hit. The company shut down its external e-mail system for some hours while it made sure the virus could not propagate within or from it.

Yesterday people were counting the cost; Star Internet, a British Internet access company, reported that e-mail activity had dropped substantially compared to Monday. Its conclusion was that companies were simply shutting their e-mail systems off from the outside world.

For anyone who heard Bill Gates pontificating last Friday at the London Business School on the merits of giving companies a "digital nervous system", the last few days were a sobering reminder that better technology is not always good news.

Mr Gates, head of Microsoft, extolled the idea of letting everyone in a company swap information digitally, and suggested that the ideal would be the elimination of paper - almost achieved at his company.

Faced with that unleavened optimism, the arrival of Melissa - which was probably beginning its odyssey around the world as Mr Gates took the stage - demonstrates an increasing weakness that pervades modern computer systems. In biology, if the members of a herd are too genetically similar, a single disease can wipe them out. Ditto with computer systems: as Microsoft becomes increasingly dominant, the users of its programs are open to weaknesses that they may not know exist - until it is too late.

Thousands of companies today rely blindly on Microsoft's word processing and e-mail packages. But for anyone with a sense of mischief, writing a mini-program (called a "macro") that is embedded in a document and does what Melissa does is the work of a few hours.

Efforts to track down the virus author began soon after the first copies of "list.doc" (the website list) were identified as the virus-carrier. Netizens rapidly decided that the author's name was John Holmes, that he was running Windows 95 or Windows 98, and was connected to a network. They also knew who made the network connector. That information was extracted from the document itself - automatically inserted, without the user's knowledge, by Microsoft Word (a revelation that caused outcry a few weeks ago).

If "John Holmes" is the culprit, he probably is not a power-crazed maniac, a la Ernst Stavro Blofeld, sitting in state stroking his cat. More likely he will be a teenager, who spends most of his time in his bedroom, undisturbed by his Midwestern American parents, who is fascinated by computers and especially in controlling them. His motive is not to get rich; it is to get noticed by his peers - other virus-writers.

"Most virus-writers are adolescents with a point to prove," says David Emm, an anti-virus specialist. "They're usually bored and frustrated and they take on virus-detectors to try to prove how clever they are. Most are very competitive, but lose interest in their early twenties."

Strange as it may seem, computer hackers, who are generally the same age, hate virus-writers, seeing them as people who do not respect the machines they target. Hackers find thrills in entering and controlling another computer. Virus-writers send their progeny out, usually to cause destruction and damage.

Melissa is part of the new generation of viruses which have appeared since computing became integrated into the modern business world. In the Eighties, primitive viruses relied on floppy disks to spread. The arrival of electronic mail in the Nineties, and of "attachments" (files such as word processing documents and spreadsheet files), meant information could be spread far faster than ever before. So could viruses.

Attachments gave rise to the "macro" virus, developed within Microsoft by a freelance. Though his identity is unknown, he apparently realised one day in 1995 while tinkering with Microsoft Word that he could create a virus-like program using its macros. Called "Prank" or "Concept" by virus-cataloguers, its first recorded appearance is on a CD-Rom sent out in early 1995 by Microsoft to program-developers.

The corporation has always been uncomfortable about the fact that first DOS and Windows, its world-swallowing operating systems, and then Word, have been so prey to virus-writers. In 1996 Stuart Anderson, then Microsoft UK's support services manager, said: "To consider taking out the functionality [that makes macro-viruses feasible] would be a step back. I mean, can you have too much functionality?"

After this weekend, you would tend to answer: yes. By yesterday there were at least three new "strains" of Melissa whirling around, one named "Papa" and using Microsoft's Excel spreadsheet rather than Word to propagate, and copying itself to 60 people rather than 50.

If nothing else, the problems of macro-viruses have shown the weakness inherent in Microsoft's dominance of both business software and home PCs. Many people are paranoid about downloading files from the Internet - a fear which hoaxers exploit by creating messages that warn: "If you get an e-mail entitled JOIN THE CREW then don't open it, it will destroy your computer!! Send this message to 50 friends to warn them too!!" The only difference about Melissa, of course, is that it automates the sending process.

Meanwhile the anti-virus business has become a worldwide industry worth hundreds of millions of pounds.

But while it is the virus-writers who create the potential for damage, to some extent the users and the writers of the software have to shoulder some blame. If Word macros could not automatically access the electronic address book, Melissa would be impossible; if the e-mail program could not automatically open a document; and so on. "Sure, the problem is the default settings Microsoft puts in," said Jack Clark of Network Associates International, an anti-virus company. "But people want functionality. We always encourage people to change the defaults."

In the end, virus-writers will always find a way in - especially with more and more inexperienced users who want less and less involvement with their machines. To quote a comment spotted on the Internet yesterday: "If you make it idiot-proof, they will make a better idiot."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in