Suspected Melissa creator arrested
06 April, 1999 21:49
US authorities have arrested and charged a man suspected of creating the Melissa e-mail virus and unleashing it on the world from his apartment in a New Jersey shore town.
David L. Smith, 30, of Aberdeen, New Jersey, was arrested over the weekend by members of a law enforcement task force, said Rita Malley, spokeswoman for New Jersey Attorney General Peter Verniero, whose office is the lead agency in the investigation. Smith was nabbed at his brother's home.
Smith was charged with interruption of public communications, conspiracy to interrupt public communications and attempted interruption of public communications, all of which are second-degree felonies. He also was charged with theft of computer services and damage or wrongful access to computer services, both of which are third-degree felonies.
He was released early today after his parents posted a $US100,000 bail, said Paul Loriquet, an Attorney General's office spokesman. If convicted on all charges, Smith could receive up to $US480,000 in fines and 40 years in prison, according to Loriquet.
A grand jury will be convened in the near future to hear evidence and weigh a possible indictment of Smith, Loriquet said. No schedule had been set for the grand jury, he said. Smith could face federal charges as well.
America Online provided key information that led to Smith's arrest, Loriquet said. "They were the ones who tipped us off to the investigation," he said. "They were the first to track down the virus coming out of New Jersey." Loriquet would not comment on whether Smith held an account with AOL.
Law enforcement authorities served warrants yesterday to search Smith's residence and to trace phone lines hooked up to his computer, Loriquet said.
The virus had been linked to a possibly stolen AOL account by independent sleuths working to track down its origin, according to previously published reports. It also was traced to a handle used by a well-known virus creator, VicodinES, now said to be in "retirement," according to various news reports and information circulating on the Internet.
An AOL spokeswoman refused to comment today on whether Smith used an AOL account to disseminate the virus.
"More information may come out in the (court) proceedings," said Kim McCreery. "We were co-operating with the authorities pretty much throughout. We were presented yesterday with a court order for specific, detailed information and we provided it."
Microsoft also provided information to investigators, according to Sandra Payne, who works for a public-relations agency that often represents the software maker. She said it was her understanding that AOL was more involved in the investigation, but that the FBI did contact Microsoft attorneys for assistance.
While Malley said she is not aware of exactly what kind of job Smith has, she described him as "a computer person, that's for sure." However, whether he works for a company or as an independent contractor wasn't clear to Malley this morning.
Smith worked for a subcontractor for AT&T whose name was not immediately available, Loriquet said.
Smith allegedly created the Melissa virus and then sent it out on a listserv, Malley said, although she did not have additional details regarding which listserv. The virus wreaked havoc worldwide on e-mail accounts last weekend and earlier this week.
Anti-virus software maker Network Associates earlier this week was among the sources to say that the virus first was found on the alt.sex newsgroup and spread rapidly from there.
News of the virus spread, it seemed, nearly as quickly as the virus itself, with warnings issued in news reports and on the Internet telling computer users to beware of Melissa, which was spread through a Microsoft Word document with a macro virus attached to it. Microsoft Exchange Servers running Microsoft Outlook were at risk for infection.
The attachment, bearing the title "list.doc," was connected to a message with the heading, "Here is that document you asked for ... don't show anyone else ;-)." When the document was opened, the e-mail virus was sent to the first 50 names in the user's address book. Users who unwittingly opened infected documents also found, when the e-mail duplicated itself, that their names were attached to files containing pornographic Web sites.
Microsoft and Lucent Technologies were forced to close down e-mail systems to keep out the marauding virus. Other corporations, as well as government agencies, including the US Departments of Energy and Defence, also were affected, along with companies, agencies and individuals worldwide. While it may never be known exactly how many users were affected by the virus, various vendors, universities and others tracking Melissa put the figure well into the tens of thousands.
Unlike other seemingly more insidious computer viruses, Melissa apparently did not delete or steal files or otherwise damage computers or networks. "However, when the smoke clears, the cost of dealing with Melissa will be measured in the millions of dollars," said the Systems Administration, Networking and Security (SANS) Institute in a flash report on the virus.
"If there was ever any doubt about whether we need to take virus countermeasures seriously, that time is past," the report said. "We recommend virus scanning at the firewall, on servers and on the desktop systems as well as physical entry points for magnetic media for sites that want to avoid the kind of punch Melissa exhibited."
Companies that make virus fixes quickly developed patches, but Melissa variations appeared and those mutations were able to sidestep the patches. One mutation had a blank subject line while another sent copies of itself to the first 60 names in address books upon being opened.
Even before Smith's arrest, the SANS Institute weighed in with a flash report -- typically reserved only for serious security problems -- and offered this conclusion:
"The silver lining in this cloud is that a relatively benign virus like Melissa is a low-cost way of gaining user awareness. That same mechanism can be used by a more malicious attacker to make private information public and to destroy large amounts of important data."
The institute further recommended that users be drawn in to help companies and agencies protect systems against viruses, that incident-handling capabilities be established and that users be informed about how to identify infected documents and who to call for help. SANS also is asking those affected by Melissa to share their "tips, tricks, techniques, experiences and lessons" by sending e-mail with "Melissa" in the subject line to firstname.lastname@example.org/.