From: "Swisher, Bob" <bswisher@ou.edu>
To: "'it-fyi@listserv.ou.edu'" <it-fyi@lists.ou.edu>
Subject: it-fyi: Virus May Rouse Users about Attachments (Chron of Higher
Date: Fri, 2 Apr 1999 08:20:21 -0600
Friday, April 2, 1999
Melissa Virus May Finally Rouse Users to Be Suspicious of Attachments
By KELLY McCOLLUM
It may have taken a high-profile computer virus to get the message
across -- opening e-mail attachments is a risky proposition.
Computer security experts have been screaming it for years.Whether it's
a creepy dancing baby, a digital fireworks display, or a thesis stored
in Word format, an e-mail attachment can hide programs capable of doing
serious harm. But the Melissa virus, which raced across the Net this
week, may finally make an impression on users.
The virus takes advantage of weaknesses in Microsoft Word and in
Microsoft Outlook, an e-mail program. When an infected file is opened in
Word, the virus causes Outlook to send the infected file to addresses in
the user's e-mail address book.
The infected messages carry a run-of-the-mill subject line -- "Important
Message From ..." and then the name of the sender -- so recipients are
likely to open the attachment and infect their computers.
Attachments from strangers are best deleted immediately, the experts
say, and gifts from trusted colleagues at least deserve a trip through a
virus scanner.
Campus and corporate network administrators took steps to filter the
Melissa virus out of incoming e-mail messages and used scanners to purge
it from their networks. But Melissa is not beaten yet.
"These infected messages could pop up again," says Mark S. Bruhn, a
network security expert at Indiana University. "It's going to be a
couple of months before we can finally say, 'That one's over with.'"
Mr. Bruhn and other experts are also worried about the mutated versions
of the virus that have already started springing up. One variant has no
subject line, giving recipients no indication of what's inside. And
experts say Melissa could be modified to do far worse.
Most users by now know to be suspicious of messages with the tell-tale
subject: "Important Message From ..." But what if that subject got
changed? Would you be so suspicious of a subject line like "Question
about the syllabus" from a student's address, or "Check out this
article" from an e-mail list?
Perhaps this supervirus will make us afraid to open e-mail attachments
ever again. Are we headed for a fax-machine renaissance in which Word
documents are routinely printed out and transmitted via the relative
safety of paper? At least paper cuts heal, unlike trashed files.
Many attachments are innocuous. Some e-mail programs, for instance, save
each message's routing information as an attachment. One correspondent
has even taken to flagging such "safe" items. His subject line for a bit
of e-mail humor: "Don't look at attachment. Read Joke."
Like anyone's going to fall for that one.
Background stories from The Chronicle:
"Technicians at Indiana U. Battle the Virus Called 'Melissa,'"
3/30/99
"Campus-Computing Officials Find a Worm Lurking in E-Mail
Attachments," 3/19/99
"Attacks Bring Renewed Warnings for Computer Users," 9/15/95
Copyright © 1999 by The Chronicle of Higher Education