Security defect 'worse than Melissa'?

Researchers discover a hole in Microsoft's Java big enough to drive a virus through.
Written by Will Knight, Contributor

American university researchers have discovered a flaw in Microsoft's Java Virtual Machine that could destroy a computer upon receipt of an email.

Although Microsoft has issued a fix, the flaw is a potentially serious security threat for millions of Windows users.

Dan Wallach, a member of the Secure Internet Programming group, which discovered the bug, is quoted as saying: "It's the Melissa virus, but even worse. The Melissa virus required someone to click OK. This doesn't."

However, Graham Cluley, senior technical consultant with Sophos Anti-Virus, warns against getting carried away with the potential of this bug. "This is a serious threat but we would dispute that it is comparable to Melissa. With Melissa it was possible to be hit without knowing it, and also pass it on without knowing. In this case, you would know as soon as you were affected, and the sender would also have to be malicious."

Cluley also points out that if the security flaw were exploited in order to download a virus, an up-to-date virus checker would still detect the virus immediately.

Editorial standards