Christmas in March?
Network World, 04/05/99
A dozen years ago, IBM's corporate data
network was hit with a computer virus that
might have been the direct ancestor of the
Melissa micro virus that is now providing
managers of corporate data networks with a
bit of diversion. It does not seem like there has been much
learning in
the intervening years.
In mid-December 1987, a German student wrote a little program to
draw a picture of a Christmas tree on an IBM terminal and sent it
to
some friends in an e-mail message. But this program had a hidden
feature in that it could look for a file of e-mail aliases on the
user's
disk. If the program found such a file, it sent copies of itself
to
everyone listed in the file.
If some of the entries in the alias file were mailing lists, then
everyone
on the lists would get a copy. The exponential explosion in the
number of copies of the message quickly overwhelmed e-mail
servers
wherever the message propagated. One of those places was the IBM
corporate data network, which had to be shut down for a number of
hours to clear the problem.
If this sounds familiar, it is because the Melissa virus that
showed up
a few weeks ago does basically the same thing. Melissa has one
additional feature - it infects the user's own files. So if the
user
subsequently sends one of the infected files to a friend, the
problem
starts up all over again. The end effect has been the same as it
was
with the Christmas tree program - many corporate mail servers
have
been swamped and several large companies have had to disable all
their e-mail systems for a time.
The two viruses exploit the same two system features. First, one
user
can e-mail an executable file to another user, written in an IBM
scripting language in the first case and Microsoft Word macros in
the
second case. Second, users in IBM and Microsoft environments tend
to keep large e-mail alias files.
It's hard to determine how to confine the ability of Word macros
to
modify their environment. For example, I find it difficult to
understand why macros are permitted to modify the security
protections against macros.
Melissa seems to be benign, with the clogging of servers its
major
effect. But what if Melissa twiddled every millionth bit on your
disk,
causing programs to randomly fail and data to be corrupted?
Word and other program macros have been the vehicles for a number
of recent PC viruses. When is Microsoft going to learn from
history
and get serious about analyzing the vulnerabilities that the
macro
feature adds to the system? When is Microsoft going to eliminate
the
vulnerabilities once and for all?
Disclaimer: History is one thing that Harvard has a lot of and
sometimes learns from, but the above is my history lesson.