Variations of email killer still doing the rounds
Mutations of the Melissa computer virus have appeared over the last month, haunting 10 companies in the past week, according to an anti-virus firm.
Recently, two variants of the Melissa virus -- Melissa.U and Melissa.V -- and VBS.Freelink, a Visual Basic script virus with a Melissa-like effect, have been infecting the unprepared.
Just ask Design Continuum, an industrial design firm that spent 40 man-hours cleaning up after a recent virus outbreak. Two weeks ago, Tim Cronin, Design Continuum's director of business development, received an email from a client with the subject line "Check this". Without thinking, Cronin opened the attachment, which was infected with VBS.Freelink.
"Within 45 minutes, I looked back at my screen and saw 60 messages from outside sources asking what I had done, and my Information Systems manager was on the phone asking me what had happened," Cronin told ZDNN in an interview.
VBS.Freelink is a relatively benign virus that spreads quickly, but does not damage data. Still, in spreading, the virus can create quite a bit of carnage, said Cronin. By the time he realized what had happened, all 85 of the firm's employees had received the attachment and enough had opened the email to cause the company's servers to overfill, rejecting incoming messages. "We invested at least a man-week in cleaning it up," he said.
Emailed from a trusted source, Design Continuum -- and its unnamed clients -- had fallen victim to the trick that made Melissa so virulent: its packaging. "I received the original e-mail from a source that I recognized as my client, so I felt trusting enough to open the attachment," he said. In fact, the social engineering was so good that, when several recipients' anti-virus software deleted the infected mail, they wrote back to Cronin, asking him to resend the document.
"There is a good bet that I would have been immune as well if I had updated my anti-virus suite," he said. Design Continuum seems to be in the minority, however. Overall, companies and home users alike seem to have taken to heart the lessons of Melissa: Be suspicious of all attachments and regularly update your anti-virus software.
"The shock value of Melissa was good for education," said Chengi Kuo, director of anti-virus research for security software firm Network Associates. "Corporations are much more attuned to email-based viruses. Anytime they hear about a virus, they want to know about it and get a cure immediately."
Anti-virus firm and NAI rival Trend Micro reported only six companies infected with the Melissa variants in the past week; four others have been hit with Freelink. "We are just in the 'Variations on a Theme' period right now," said Susan Orbuch, director of communications for Trend Micro. The anti-virus firms regard the past few months as a lull between storms. "It takes a while for virus writers to come out with something new," said NAI's Kuo. "Most viruses are by virus writers who have taken the code and tweaked it."
While a "tweaked" computer virus may not be identified by anti-virus software due to its different fingerprint, all major anti-virus software also has heuristics to pick out modified viruses. "The recent viruses are nasty (more destructive) than Melissa," said Trend Micro's Orbuch, "but our heuristics are catching them because they are only variants -- they are not new."
Luck is a large factor as well. Anti-virus vendors who find out about a virus before it enters the wild can limit any damage and distribute new detection data -- known as "definitions" -- for their software. Yet, while the current crop of code being generated by virus writers is not original , the anti-virus firms are worried that some virus writer will learn how to make a true email virus -- one that does not require the user to act at all. "There are techniques for attacking directly -- without needing the user to open an attachment," said NAI's Kuo. "Such viruses are not out of the picture yet."
Take me to the Melissa Virus special
Take me to the Virus Workshop