From: "Swisher, Bob" <bswisher@ou.edu>
To: "'it-fyi@listserv.ou.edu'" <it-fyi@lists.ou.edu>
Subject: it-fyi: Indiana U. Battles the Virus Called 'Melissa' (Chron of H
Date: Tue, 30 Mar 1999 13:27:01 -0600

Technicians at Indiana U. Battle the Virus Called 'Melissa'
By KELLY McCOLLUM

The latest celebrity computer virus, known as "Melissa," hammered
servers across the Internet over the weekend as network administrators
at corporations, government offices, and universities scrambled to stop
its spread.

Most institutions seem to have weathered the attack, although some
officials say the hard part will be keeping the virus from coming back.

Administrators at Indiana University, for instance, spotted "Melissa"
Friday afternoon when messages generated by the virus began showing up
on an e-mail server at the university's Bloomington campus. The virus
takes advantage of weaknesses in Microsoft Word 97 or Word 2000 and in
Microsoft Outlook, an e-mail program.

When an infected file is opened in Word, the virus causes Outlook to
send the infected file to as many as 50 addresses in the user's e-mail
address book. Any new Word documents the user creates will be infected
too. The infected messages carry a provocative subject line -- "Subject:
Important Message From," with the name of the sender attached -- so
recipients are likely to open the attachment and infect their own
computers.

Last year, Indiana signed a licensing deal with Microsoft that gives
free copies of Word, Outlook, and other software to all students,
professors, and staff members on the university's eight campuses. At the
Bloomington campus, about 9,000 users depend upon Outlook for their
e-mail service.

According to Mark S. Bruhn, who oversees network security for the
university, technicians were able to intervene before the virus could
overload the university's mail servers. The first step, he says, was to
set up filters to block copies of the virus being sent by campus users.
Since the virus can work invisibly, users may not even realize they are
sending it.

The technicians then set up a filter to catch new copies of the virus
coming in from outside the university. With the spread of the virus
stopped, network administrators began scanning the network to delete any
infected messages already on the server.

By Friday evening, "Melissa" was pretty much under control at Indiana.
But, says Mr. Bruhn, "it's going to be a couple of months before we can
finally say, 'That one's over with.'"

He says the biggest challenge will be educating campus users about the
virus and about how they can prevent similar infections.

Over the weekend, the university set up several Web pages and sent
e-mail messages offering instructions for removing the virus from
personal computers. The computing center even sent a voice mail to
students, professors, and staff members at the university.

"These infected messages could pop up again," says Mr. Bruhn. "People
could store them in their archives; they could have infected documents
on diskettes." Even worse, the same virus could be modified so that it
can sneak past all the filters and scanners now in place. "A mutated
version of this could come along that we'd have to deal with all over
again," he says.

The educational effort is especially important for universities, says
Mr. Bruhn, because academic administrators don't have the strict control
over users' practices that corporations do. Some companies have policies
or software in place to limit how employees can use their computers.
Most universities, by contrast, allow students and faculty and staff
members to use university computers and networks to pursue personal
interests. "In that way, yeah, we're going to be a little bit more
vulnerable," says Mr. Bruhn.

"It just means we have to do a better job of educating our users and
providing them with self-defense tools," he says. "We can say, 'You can
use your P.C. to e-mail friends and family, but you have to understand
what's going to happen if you open an e-mail attachment from someone you
don't know.'"

More information about the "Melissa" virus and how to control it can be
found in an advisory issued by the CERT Coordination Center at Carnegie
Mellon University.

Background stories from The Chronicle:
"Campus-Computing Officials Find a Worm Lurking in E-Mail Attachments," 3/19/99
"Attacks Bring Renewed Warnings for Computer Users," 9/15/95
Copyright © 1999 by The Chronicle of Higher Education
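
The three filtering steps the article describes (block copies sent by campus users, block copies arriving from outside, sweep mail already on the server) can be sketched as one matcher, shown here as an added example that is not from the article or from Indiana University. The domain `campus.example`, the function names, and the sample messages are assumptions constructed for illustration; only the subject line comes from the article.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

SUBJECT_PREFIX = "important message from"  # subject line quoted in the article
CAMPUS_DOMAIN = "campus.example"           # assumption: placeholder local domain

def looks_like_melissa(msg):
    """Known subject line plus a Word document attachment."""
    # Collapse whitespace and case so folded or re-cased subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).lower()
    if not subject.startswith(SUBJECT_PREFIX):
        return False
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".doc") or part.get_content_type() == "application/msword":
            return True
    return False

def triage(msg, stored=False):
    """Map a message to one of the three steps, or deliver it."""
    if not looks_like_melissa(msg):
        return "deliver"
    if stored:
        return "delete-from-store"  # step 3: sweep mail already on the server
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Step 1 catches campus senders, step 2 catches everything from outside.
    return "block-outbound" if domain == CAMPUS_DOMAIN else "block-inbound"

def make_sample(sender, subject, attachment=None):
    """Build a constructed message and round-trip it through wire format."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@campus.example", subject
    m.set_content("constructed sample body")
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return email.message_from_bytes(m.as_bytes(), policy=policy.default)

if __name__ == "__main__":
    hit = "Important Message From Pat Example"  # constructed sender name
    print(triage(make_sample("pat@campus.example", hit, "notes.doc")))
    print(triage(make_sample("sam@outside.example", hit, "notes.doc")))
    print(triage(make_sample("sam@outside.example", hit, "notes.doc"), stored=True))
    print(triage(make_sample("sam@outside.example", "Lunch?", "menu.doc")))
```

A matcher keyed to the known subject line only catches this exact variant, which is the limitation behind the article's point that a modified version would have to be dealt with all over again.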