Suspected Melissa creator arrested

US Authorities have arrested and charged a man suspected of creating the Melissa e-mail virus and unleashing it on the world from his apartment in a New Jersey shore town.

David L. Smith, 30, of Aberdeen, New Jersey, was arrested over the weekend by members of a law enforcement task force, said Rita Malley, spokeswoman for New Jersey Attorney General Peter Verniero, whose office is the lead agency in the investigation. Smith was nabbed at his brother's home.

Smith was charged with interruption of public communications, conspiracy to interrupt public communications and attempted interruption of public communications, all of which are second-degree felonies. He also was charged with theft of computer services and damage or wrongful access to computer services, both of which are third-degree felonies.

He was released early today after his parents posted a $US100,000 bail, said Paul Loriquet, an Attorney General's office spokesman . If convicted on all charges, Smith could receive up to $US480,000 in fines and 40 years in prison, according to Loriquet.

A grand jury will be convened in the near future to hear evidence and weigh a possible indictment of Smith, Loriquet said. No schedule had been set for the grand jury, he said. Smith could face federal charges as well.

America On Line provided key information that led to Smith's arrest, Loriquet said. "They were the ones who tipped us off to the investigation," he said. "They were the first to track down the virus coming out of New Jersey." Loriquet would not comment on whether Smith held an account with AOL.

Law enforcement authorities served warrants yesterday to search Smith's residence and to trace phone lines hooked up to his computer, Loriquet said.

The virus had been linked to a possibly stolen AOL account by independent sleuths working to track down its origin, according to previously published reports. It also was traced to a handle used by a well-known virus creator, VicodinES, now said to be in "retirement," according to various news reports and information circulating on the Internet.

An AOL spokeswoman refused to comment today on whether Smith used an AOL account to disseminate the virus.

"More information may come out in the (court) proceedings," said Kim McCreery. "We were co-operating with the authorities pretty much throughout. We were presented yesterday with a court order for specific, detailed information and we provided it."

Microsoft also provided information to investigators, according to Sandra Payne, who works for a public-relations agency that often represents the software maker. She said it was her understanding that AOL was more involved in the investigation, but that the FBI did contact Microsoft attorneys for assistance.

While Malley said she is not aware of exactly what kind of job Smith has, she described him as "a computer person, that's for sure." However, whether he works for a company or as an independent contractor wasn't clear to Malley this morning.

Smith worked for a subcontractor for AT&T whose name was not immediately available, Loriquet said.

Smith allegedly created the Melissa virus and then sent it out on a listserv, Malley said, although she did not have additional details regarding which listserv. The virus wreaked havoc worldwide on e-mail accounts last weekend and earlier this week.

Anti-virus software maker Network Associates earlier this week was among the sources to say that the virus first was found on the alt.sex newsgroup and spread rapidly from there.

News of the virus spread, it seemed, nearly as quickly as the virus itself, with warnings issued in news reports and on the Internet telling computer users to beware of Melissa, which was spread through a Microsoft Word document with a macro virus attached to it. Microsoft Exchange Servers running Microsoft Outlook were at risk for infection.

The attachment, bearing the title "list.doc," was connected to a message with the heading, "Here is the that document you asked for ... don't show anyone else ;-)." When the document was opened, the e-mail virus was sent to the first 50 names in the user's address book. Users who unwittingly opened infected documents also found when the e-mail duplicated itself that their names were attached to files containing pornographic Web sites.

Microsoft and Lucent Technologies were forced to close down e-mail systems to keep out the marauding virus. Other corporations, as well as government agencies, including the US Departments of Energy and Defence also were affected, along with companies, agencies and individuals worldwide. While it may never be known exactly how many users were affected by the virus, various vendors, universities and others tracking Melissa put the figure well into the tens of thousands.

Unlike other seemingly more insidious computer viruses, Melissa apparently did not delete or steal files or otherwise damage computers or networks. "However, when the smoke clears, the cost of dealing with Melissa will be measured in the millions of dollars," said the Systems Administration, Networking and Security (SANS) Institute in a flash report on the virus.

"If there was ever any doubt about whether we need to take virus countermeasures seriously, that time is past," the report said. "We recommend virus scanning at the firewall, on servers and on the desktop systems as well as physical entry points for magnetic media for sites that want to avoid the kind of punch Melissa exhibited."

Companies that make virus fixes quickly developed patches, but Melissa variations appeared and those mutations were able to sidestep the patches. One mutation had a blank subject line while another sent copies of itself to the first 60 names in address books upon being opened.

Even before Smith's arrest, the SANS Institute weighed in with a flash report -- typically reserved only for serious security problems -- and offered this conclusion:

"The silver lining in this cloud is that a relatively benign virus like Melissa is a low-cost way of gaining user awareness. That same mechanism can be used by a more malicious attacker to make private information public and to destroy large amounts of important data."

The institute further recommended that users be drawn in to help companies and agencies protect systems against viruses, that incident-handling capabilities be established and that users be informed about how to identify infected documents and who to call for help. SANS also is asking those affected by Melissa to share their "tips, tricks, techniques, experiences and lessons" by sending e-mail with "Melissa" in the subject line to info@sans.org/.

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Nancy Weil

PC World

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?