Copycat virus follows on Melissa's heels

Network Associates has discovered an e-mail virus similar to the Melissa virus that company officials said they believe is even more dangerous than its predecessor.

Dubbed Papa, the new virus is an Excel virus that sends itself in the same manner as Melissa, but sends itself to the first 60 people in a user's address book compared to 50 with Melissa. In addition, Papa sends an e-mail out every time the virus is activated. Melissa only sends the message the first time it is opened.

This time the subject line claims the message is from "all.net and Fred Cohen." The body of the e-mail, which contains an attached document titled "path.xls," then instructs the user not to disable the macros, which is how the virus is activated.

According to Sal Viveros, group marketing manager for total virus defense at Network Associates, the most disruptive aspect of Papa is the fact that it "pings" an as-yet-undetermined external site to make sure there is an available Internet connection. The practice of pinging is not unusual, but Papa pings so many times that it brings the network down.

The biggest concern from a corporate security standpoint is that any document infected with the virus and then e-mailed to another party is distributed in the same way the Melissa virus is, leaving companies vulnerable to having confidential documents distributed unknowingly.

Viveros believes Papa was written by a different person than the author of Melissa, but that it uses the original virus as a road map. This practice of using similar mechanisms to deliver more destructive payloads is not unusual, noted Viveros, which could mean a string of such similar viruses could be on the way. Variants, however, should be less disruptive because virus-detection vendors know what they are looking for.

The Melissa virus first sprang up in countless e-mail inboxes around the world on Friday, replicating itself to end-user address books and sending an exhaustive list of pornographic Web sites to everyone therein.

According to Viveros, Melissa is the widest spreading virus he has ever seen, hitting approximately 80 per cent of Network Associates' major customers, which amounts to almost 100 companies. A significant number of those were forced to take their e-mail systems down.

The Melissa virus hampered -- and in some cases entirely shut down -- e-mail systems for companies the world over. Microsoft, for example, put a halt to all outgoing e-mails throughout the company on Friday to guard against spreading the virus.

Antivirus software companies have already posted tools on the Web to protect against Melissa.

Trend Micro has announced free Internet gateway software designed to block access to corporate networks by the Melissa virus. The software, called InterScan VirusWall, can be downloaded from http://www.antivirus.com and used for free for 30 days. The software is designed to be installable within 15 minutes and is available for a variety of platforms, including NT, Solaris and HP-UX, Trend Micro said.

DataFellows announced its F-Secure antivirus toolkit which scans for viruses and protects Windows software from Melissa. A free evaluation copy of F-Secure can be can be downloaded at http://www.DataFellows.com/Network Associates has announced four tools for helping companies protect against Melissa. Trial evaluations of its Exchange Scan On-Line for protecting Exchange Servers; GroupShield 4.0.2 for Exchange; WebShield Update; and Exchange Scan Commandline Scanner are available for download for free at http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp/ Command Software Systems, the developer of Command AntiVirus has also announced for its customers a free detection and disinfection solution for the Melissa virus, available from its Web site at http://www.commandcom.com. Command has also posted a fix for the Papa virus. A free "test drive" of Command AntiVirus which can be updated with the new virus fixes, is available from the site.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?