C-PALSY Archives

Cerebral Palsy List

C-PALSY@LISTSERV.ICORS.ORG
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
FW: FBI ON TRAIL OF VIRUS AUTHOR
From:
"I. STEPHEN MARGOLIS" <[log in to unmask]>
Reply To:
St. John's University Cerebral Palsy List
Date:
Wed, 31 Mar 1999 02:16:57 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (140 lines) 
-----Original Message-----
From: RBL [mailto:[log in to unmask]]
Sent: Monday, March 29, 1999 4:55 PM
To: Recipient list suppressed
Subject: PCA: FBI ON TRAIL OF VIRUS AUTHOR


-= via RBL's PC ALERT http://www.RBLevin.net

[x] News
[  ] PR
[  ] Op/Ed

Source: http://www.zdnet.com/zdnn/stories/news/0,4586,2233181,00.html

Melissa threat triggers manhunt
By Rob Lemos, ZDNN
March 28, 1999 8:50 PM PT
URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2233181,00.html

The 'Melissa' macro virus that forwards files to other e-mail addresses may
be
passing more than a Word file with porn sites listed inside. Virus experts
say it
could be surreptitiously e-mailing confidential information, too.

"We have had several calls from industry lawyers and government
representatives
that are worried that this could happen," said Jeff Carpenter, team leader
for the
Computer Emergency Reponse Team (CERT) at Carnegie Mellon University.

How could 'Melissa' purloin classified documents?

The virus infects the default Word template -- called normal.dot. Every new
document created on an infected PC carries the virus.

So imagine creating a confidential document -- say, SECRETPLANS.DOC. If it's
created on an infected system, the file would, upon sending it to a trusted
colleague, find itself being passed on to the top 50 entries in your
colleague's
address book, as per the scripted instructions of the Melissa Word macro.

"The possibility of passing along confidential information is a scary new
twist,"
Carpenter said.

This new wrinkle may have served as the impetus by federal law enforcement
officials to send out on Sunday their first-ever warning about a computer
virus.

The Federal Bureau of Investigation has joined with the infant National
Infrastructure Protection Center to issue a warning in an attempt to stem
the
expected tidal wave of email that Melissa is expected to generate.

FBI hunt underway
At the same time, law enforcement officials attempting to apprehend the
author of
the Melissa virus may be able to track their prey by examining a little
known
piece of electronic code. The FBI, which confirmed it is conducting an
investigation, declined further comment.

But in searching for a veritable needle in a cyber haystack, investigators
could be
aided by an electronic fingerprint called the Global Unique Identifier, or
GUID.
This technology dates from the days when Microsoft (Nasdaq:MSFT) created a
linking technology to bring together a variety of data files into a single
document,
according to Richard M. Smith, president of software tools developer Phar
Lap
Software Inc.

The identifier was a safety precaution to find documents whose links had
been
broken. Yet, the GUID also includes a variety of PC- specific information,
such
as the Ethernet adapter address, which can uniquely identify the particular
PC on
which the document was created.

"There is a slim chance that this could be used to catch the writer (of the
Melissa
virus)," said Smith. "However, it could be used as additional evidence at a
trial."

The little known software identifier gained notoriety in the wake of an
increased
sensitivity to such technology after Intel Corp. (Nasdaq:INTC) announced
plans
in late January to include an electronically accessible processor ID in
every
Pentium III chip. In Microsoft's case, the GUID was not intended to track
people
at all, said Smith -- it's ability to do so was just a side effect.

Smith said he was able to uncover the unique Ethernet adapter address and
manufacturer's ID from the GUID left in the document and two other
indentifiers
left in the macro itself.

By itself, Melissa is largely harmless. But on PCs using Microsoft Outlook,
a
single Melissa virus sends copies of itself to the first 50 users in an
address book.
Because Outlook tends to put e-mail groups at the top of the list, in
effect the
virus is being forwarded hundreds of times by a single user.

Left unchecked, Melissa could overwhelm corporate, government, and military
e-mail gateways, according to computer security experts.



----------------------------------------



Compliments of Rich Levin's PC ALERT service (http://www.RBLevin.net)

To SUBSCRIBE, send any ol' e-mail message to [log in to unmask], with the
words SUBSCRIBE PC ALERT as the subject, or click this hyperlink:

        mailto:[log in to unmask]

To UNSUBSCRIBE, send any ol' e-mail message to [log in to unmask], with the
words UNSUBSCRIBE PC ALERT as the subject, or click this hyperlink:

        mailto:[log in to unmask]

To CONTRIBUTE, send an e-mail message to [log in to unmask], with the words
PC ALERT as the subject, or click this hyperlink:

        mailto:[log in to unmask]

Please allow a few years for Subscribe and Unsubscribe requests to be
processed.

ATOM RSS1 RSS2