Six Years After Melissa, Mass-Mailed Malware Has Peaked - InformationWeek


The six-year run of mass-mailed viruses like Melissa may be past its prime, but a research fellow at McAfee says the industry still needs to deal with the underlying problem that allows e-mail to serve as an attack vector for hackers and thieves.

On March 26, 1999, Melissa, the first virus that spread by mailing copies of itself to addresses it dug out of infected machines, swept the Internet. Six years later, mass-mailed worms have reached their peak, said the researcher who led authorities to the hacker who wrote Melissa.

Jimmy Kuo, a research fellow with McAfee, was in on the first discussions as samples of the still-not-named virus were captured and put under the forensics microscope.

Melissa, which was a Word macro virus -- a form rarely seen these days -- was most distinguished by its propagation technique, which involved grabbing the first 50 addresses from Microsoft Outlook, then sending itself to those recipients.

Kuo argued that the propagation scheme would quickly spread, and even flood mail servers with a deluge of messages, predictions that were borne out by events but at first resisted by fellow researchers.

"The first discussions were that the virus wouldn't get very far because it would end up mailing itself, over and over, to essentially the same 50 people within an organization," said Kuo. "But I made the assertion that that wasn't true, because mailing lists were typically among that first 50 due to their spelling -- like 'All' -- or other factors.

"This thing is out there and it's going to get huge," Kuo remembered telling the McAfee team.

The next day, Kuo started trolling the Usenet postings -- McAfee did then, and still does, scan every posting that includes executable code, sniffing for clues to worms and viruses -- and started tracing several that seemed suspicious. With the help of a reporter for the Seattle Times, Kuo was able to track down the AOL account used to post the Melissa-related messages to Usenet. From there, the FBI took over, and located David L. Smith, who had stolen the Washington man's log-in information to use the purloined account.

Smith pleaded guilty to creating Melissa -- which was named after a topless dancer he knew from Florida -- in 1999, and in 2002 was sentenced to serve 20 months in federal prison. He's now serving three years of supervision, which also forbids him from using the Internet.

"It was a very exciting time," Kuo said, of the Melissa outbreak and his search for its author.

"The good news now," he said, "is that what Melissa ushered in is finally waning. Mass-mailed worms and viruses reached their peak last year."

Not that that means we're any safer, really. As he called the six-year run of mass-mailed viruses past its prime, Kuo also made a call to deal with the underlying problem that allows e-mail to serve as an attack vector for hackers and thieves.

"The mechanism of mass-mailing viruses relies on spoofing the From: address, and that aspect has been taken over by the phishers. This spoofing is the singular point for mass-mailing viruses and worms, for spam, for all phishing attacks.

"If we can address this issue of forged headers, and we are, we can diminish the impact of these attacks."

In particular, he pointed to the recent public debut of technology from IBM that can use currently available means to match the sender address with its sending IP address, one way to nail spoofers.

"As more of these [sender authentication] technologies are used, the amount of spoofed mail will diminish," said Kuo. "Of course, there's now money behind attacks, so while they will diminish in the short run, criminals will turn to other ways and other mechanisms."
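The article describes sender authentication only as matching a sender address with its sending IP address. As an added illustration (not code from the article, McAfee or IBM), the sketch below evaluates an SPF-style published policy against the connecting IP; the policy table, sample message and function names are constructed, and reading the domain from the From: header with no DNS lookup is a simplifying assumption.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policy table standing in for records a domain would publish in DNS.
# Syntax follows SPF-style "ip4:"/"ip6:" mechanisms ending in "-all" or "~all".
POLICIES = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.org": "v=spf1 ip4:198.51.100.17 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate(policy, client_ip):
    """Return pass, fail, softfail or neutral for one connecting IP."""
    ip = ipaddress.ip_address(client_ip)
    for term in policy.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":                    # catch-all: nothing earlier matched
            return RESULTS[qualifier]
        name, _, value = mech.partition(":")
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
    return "neutral"                         # policy had no matching term


def check_message(raw_message, client_ip):
    """Return (sender domain, verdict) for a message received from client_ip."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    policy = POLICIES.get(domain)
    if not addr or policy is None:
        return domain, "none"                # domain publishes no policy
    return domain, evaluate(policy, client_ip)


# Constructed sample message claiming to come from example.com.
SAMPLE = (
    "From: Alice <alice@example.com>\n"
    "To: bob@example.net\n"
    "Subject: Important message\n\n"
    "Here is that document you asked for.\n"
)

if __name__ == "__main__":
    for ip in ("192.0.2.45", "203.0.113.9"):
        print(ip, check_message(SAMPLE, ip))
```

A "fail" verdict means the message arrived from an address the claimed domain does not list, which is the forged-sender case Kuo describes; "none" means the domain publishes nothing to check against.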
