Another day, another virus
While not even in the same league as Melissa when it comes to potential damage, it does share some similarities with the far more annoying Melissa. Like Melissa, boa is spread by e-mail. In the example that came to us, it was an attachment from someone calling himself CASSA with a poorly written message asking the user to look at the attached beta program.
The letter promised that the attachment was a "'FTP,Http.Anti-virus,Proxy Files all in one" program. Between the language, and the fact that it seemed pretty unlikely that it could all fit in a 12K executable, resellers are advised to decline this mail bomb.
Mikko Hypponen, Data Fellows' manager of anti-virus research, who also got this obnoxious package, popped it open and found a long, inane message that ended with: "you should becareful what you get from an email."
While this little bit of computer dirt was clearly corrupt from the moment it enters mailboxes, other viruses--Melissa leading the way--are much nastier and harder to see coming. The only solution is to keep one's anti-virus guard up.
Melissa may have been rendered toothless, but her children live on. Ping and Papa B are the latest Melissa like worms to appear, affecting Word 97 documents and Excel 97 spreadsheets respectively. Ping, unlike Melissa doesn't go after Outlook to reproduce. Instead it makes denial of service attacks on your network and Internet sites by constantly generating ping requests to four different net sites. Papa B, combines a similar denial of service attack with the getting to be all too familiar Melissa trick of using Office 97's insecurity to spread itself across the net while stalling out mail servers along the way. What can you do about it specifically? Besides making sure your customers are safe behind constantly updated anti-viral programs, such as Data Fellows' F-Secure and Symantec's Norton Anti-Virus, it's time to consider adding protection at the mail transfer agent (MTA) level. Some mail servers like Sendmail Inc's Sendmail Pro have included some anti-viral protection by using their built-in, anti-spam shields to knock out Melissa messages on their way in.
Another approach is to use anti-viral programs that work with a user's given MTA. These include Symantec's Norton AntiVirus for Internet Email Gateways and Norton AntiVirus for Lotus Notes and Dr Solomon's Anti-Virus for Microsoft Exchange.
Last, but far from least, it may be time to discourage users from using MS Office 97 attachments at all. With the ease of constructing Office 97 macros that use the Melissa trick of making messages appear to be from trusted friends and co-workers, it may be time to encourage a policy of only using Office 97 attachments when both parties are expecting to exchange documents.
We can no longer count on viruses being as obvious as today's blast-from-the-past boa virus. Viruses' bag of tricks have become far subtler, so resellers need to use all the tools available to protect themselves and their customers.
Take me to the Melissa Virus special.