|
|
|
10 Years With Melissa, the Worm that Changed the World
By: Larry Seltzer
2009-03-03
Article Rating:  / 4
There are 1 user comments on this Network Security & Hardware story.
Malware was in the minor leagues before Melissa showed everyone how to really harass the Internet. 10 years later we still don't have a good solution to mail worms.It was the first of the mail viruses. Melissa hit the scene in March of 1999
and seemed a little like black magic. Open an e-mail attachment, from
someone you know, no less, and suddenly other people you know are
getting the same e-mail. Melissa required Microsoft Office, Word and
Outlook in particular, using VBA for programming and MAPI for
transport. Some modifications were needed to the model, but the mail
virus was an inspiration which transformed the world of malware and
went on to build the massive populations of botnets that infect and
persecute the world.
Authors of mail worms pretty quickly moved on to SMTP as a transport
instead of MAPI. Microsoft filled the holes that made Melissa possible,
but of course even today patches are never applied quickly to make
enough of a difference to such things. And even today there are ISPs that are only beginning to take measures to stop SMTP mail bots.
So I think of Melissa as the intellectual inspiration for most of what
really troubles the world of Windows PCs these days. It didn't do a
whole lot of permanent damage on its own, but it showed the way.
For a sense of what malware was like prior to the advent of Melissa I took a look at the WildList for March, 1999.
The WildList is an anachronism today; so much malware comes out every
day that lists of specific threats aren't useful anymore. But what's
really interesting is the difference in techniques. That WildList is
dominated by a combination of boot sector viruses and macro viruses.
These were serious problems in their day, but compared to malware today
they were a petty nuisance. There were also some genuine viruses (such
as CIH/Chernobyl)
which were not just nuisances and which in fact could cause great
damage. But this damage was also a factor that limited their growth.
The main weakness in the pre-Melissa malware is that it had no
means, or at least no good means, of spreading themselves over
networks, and the Internet in particular. Boot sector viruses spread
through floppy disks. I once worked on a large testing project that got
slowed considerably by an outbreak of the Stoned virus,
the most famous of boot sector viruses. Unpleasant, but surmountable
with some systematic good practice. Macro viruses such as Wazzu
spread by infecting other Office documents on the same system,
typically by infecting the AutoOpen macro or other such Office
facilities. File viruses such as Chernobyl infected other EXEs they
found on the system.
These classes of malware still exist in the world, but they were
largely undone through a variety of factors: one was detection by
anti-virus software. Some changes in Office itself made macro viruses
harder to write successfully, and of course floppy disks became less
common. But the real difference is that they were out-competed by new,
much more powerful malware types that could spread through more dynamic
means.
Melissa wasn't enough to induce Microsoft to change the all-too-permissive behavior of its programs. It wasn't until after the ILoveYou worm almost a year later that Microsoft released the Outlook Email Security Update which blocks the basic Outlook VBA model of mail worms. And Bill Gates's memo about security to Microsoft employees didn't come until early 2002.
No less than spam, mail worms turned SMTP, one of the most important
protocols on the Internet, into an untrustworthy mess. There have been
efforts through standards bodies and private initiatives to fix it, but
it's basically in tatters, a victim of design errors and the likes of
David L. Smith, author of Melissa.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.
|
|
�������x}r㶲s\@♵M=Ҕlcؖ�I*�EB�c"){~u~|�.{-�D�n4�w�~vv IM˙sל۔\s�Pç��v$vv]2i*
d&�@�jہ��)�}mk4��uB�Z�;�[;#|6S%߽w ^�{��j!�KԚLæzg&$l
d��kbp��,Fc�wO5d{9B �~5[�6m��(GJ�r ZB'?*B4� \2�HMc +#7�ݙx8/DeO�d*Fӽ8�t���;�0k}�>�BQ5w0NK
<['#5në |'3j�6R�䅰Y(0F.Č��u#7J;qz�'-�b'�f�\x#@ڮ�SV�Hf̲;o� tG
ob}u�ק&[!
b�S�3Mu��N֟GBԿ�¥0��V�#vRxA'�ס"
G�m_k|�tfs's~3
CoZeNDj%o�~�cnK(p}=\'BL}:n�/EӝÌfؖqSth(�́V*
(�ZPʍ�罨rwwW�ӽ�l˙p*s�Ͽϔi8_tO/�$�(֝�h
m+iu]+i
�U;�ާ;yԺ} g �d}#5��*%`ZJ�4��_��S�::_B�,=u:}d't6 +?;VU'_ZUCp=��'^=z��lrK��,���.i�TW�ZxqhC!Ժxx="�IKG|<8&:���C���j�ݖE�B_*D�\_�G)L,Y`M����ImdƩ�$|Ǻ�z�N��ԜYhKq�liJu�V�!`FC 0{n6�G@ki��Fk�PY��Tak6�R\� 9jb)6B̄H )'7R�ަ�,-|yE�U��>hi"A[0
(J�!bV3̤"ȅ�Q.%-�>�Ć�>L�bO�ಶyx!jY[6'jtamIiS_��ӲKwI�|�eO~�S�%g�5F4�,h�eݴ%!�g8WoꛛZHLU*f~PJCU�~X@8ʍ85m!SG�ñA
�S&�s;,<
�0��D>O;3jZYs;Ni$|N���I�}ѦM�ޡ:BݘZ����H/0i�
V8;�t�#uӹ�=��W45,h
0#��E�6�]�LR}�t
9q�HhR0|�s70Z[3aP�#[ѽk:Fz��?a#0.Zm��{����Ae^~�}�¢Pwݐ��] cRRR$S'!�hI#r����
Bг!,`@o%`{`[77;�.V+�\y"�*M':܉;T+/2ڹLX)gQY,p[/)�͙J2d0U Q=b`&�Qea*0pRx5Vn.ZU�٦ByQ�Y$*O\Y5*h
`H�LMqr`!]g�so0p#q"�L)3�Py�xl��,�O�6�"Ϩ;d�SBh&H0�0U�Ey����l&{GY�L^͙}wƠ:�'���E_
�-ý-'��.�DSQz�ZҳsM�i
��_*�gYA�3�'|$@]<>+WUPÃ"`"+42[�=!= \P(|32;=�=MjƳ"�#��P7o�Z�ťp(m�tg�ѹ+>q^v.iԆ'iֽXK�u�[�1TĿKúJ�j'-��od��koռ¢ym<2�D֑`9H^>V�"f��˧q4M�lJ5�Bn=�آfmT�K*+j�S#SLo^�vij\.gy�
lD0(2n( 鿙R&a+B֨N`O#�i6�EGzcϐt��N>�OH)
zS7HpLa)e�-�&UmTHb|PF�ȸh�Fqm@XĞ{�8]�}?,Y\X�Ζ�']5�!@0oE��ʵ�{Luh<
Vزi@�X:uosj�)هYk;kH0�V+JIU�ߧi?怚H|A��2e�&Omܱk]>euE��$ci{�:
9y�4���hS\G�kDb8"*paBX�a0�3]�JU�lqԼEoXy?�59
�r]ilu�0q`( Z3:sGV*7_O�;$!W7mTSLqa
֚pD r�.c*O���2"u�n�_8R" @548��
y� *�zq� �
b
(h
bAzp3E��+o
`bIu?a1�:C>5>z_=2dB4�]e�j^Ik0 3le`Sxt$�b*��亢#?݀��n/���Џ]���Mt��AkY�,
�ܠYCs}&�nfGt(_N�ˀ�G]wv�ˬ�g`
Ti54O_@Hpb7e���cߺ��!G܇r7:L�&M}VD�QW5B�dLfQJ'1¥�0cg%�z�[�Y]�}2F��=o e�:@�~!|/�DVIUSԷбtN{a|?�C�1Ź�\�d��넱Ŏr�۬bjr05�x�a3�9�GsH�R1�0� ZH[^OI!+.��6@ai7�[\JEVK`qՁDZ%�c�].g�}]~o̼aH�CG�VUeH4ịV3#
e
46-.wEЋֶ�i&%lĞMGe"7��#;:pb�XrV/\v�8C+`SRj�jv�̢*��Go&ŏj(urN3HD~�=ֲ,A'�$uTjjEI�z$ :w\Ғ֎�>A)M`ɒ8�khs!bzp:'S6PFz��LaX۴�1EV<^���ۍCu�7AHLf;z�e��tH/�� cne&Q�jKZ�@�u0RlȪVo�iZ]J֟D'�fLth�|�cO"uṚok#��÷��K+L)߱~놺9�惪I
|$U˚V�*j�Pȹe#k��F!)W_�1|"�r ]N7�.�_VZQ� ]H�/�s>PV�9��ɷ06njK�;��+Aנn)ɑX�XD�>đ[VR{e"��COkR67Ɵc�1ˏ{/Z]}{��}QLMat��١���#��;?J﮻ǃ}R^Ib ϻg� ��?�N��inb00�N >&?+ޗ?��LЇ_q_r@`uNjc{Ga\�dz�LR(���ɢ]�1tܮ�aF:'(JZ@iD*w.>t/ėlzg+~R퀜u/:R ARz0W�䀠]ju?\� d�0�sti_E���7b��`�xѤ"�bF<$FD/�!B2.�g�+^�-|�}Xxn�slP5hlS�
V�`!��w1t�LV�� (ʁ�=`=����`�Vn9>�\bzH��VB�0F�_Th�)4zu�Sxv9]9S��j7>#E�%'K'
z)��:}iF1�`�n�e܃�B�WVz[k'�w?�!9�'18�Ϻ}hp)�#�H�"2c�]�"TS
8zL-ӤN)fTDxi'>(]ax!wmn?q�%ӝr*nu?AٸEOی,4m�gSsS��\�AGJ脚fye5-�eH5NR�MLC]�OC/� $�;�kB6\xs �go�SÚ�mfygjt?l6V"9G,X-�Y+J#/i\A1�Gh"�,G7Dp�<�3J[L�>CT䵴�f[YUHO~,j�ӂqb��L�yx2;$
#J;ONjX.랟T�Ķ{33x{�Er7gFq'?Iȸ�:Gw*b9,_@ݾpne)�r0�jw;t=z;jw]Q3LpƔ�{`sBk|9G�Q�f0x&�4N%�Ewy'("�,\q"h&
�zC/hM5nWeG�KotA�?G.z�>�tH�09Js dj�BOH4b5~ÿ뢧 � �r[k_=�g䢅�*~T�{20t[h�ؕvd{qO�n<�]1h�gm4gvlLg�I")Vz5w7`�YpJE_V
;_+N`E��,n�9�P2�vAK�Js`Ⱦ�qC7�b���o�!�I.=]awQxIݣ뻻PÞ6wYiEU�.J\�-"PnGz {II5)xu<-J`RTo�y^f} m$.EB�"fc�ME[oqT�8b��;�&�K*�/`UJ�S,גr'L%�Jd埇]qr"u�/*I�=�WaAq�m`T%d�?K5��қaJ4lf.�@^�#߽OKZMK1|h��̡`Z�f.$P�PL![Fd4%Wd2�Λ4w[oP$UY�>�'b+r0Pˏ㌿C�;} j�0ڶς��9�]�J
&���0�A8L":Rl$#�B�[DY��Dt�KF��7gfE¯�gח>�@� u�ZR]QKJN�)8X��� ��,�b`I�U%PDѣj&Mٔ�>-7*]�V#>o�)Ri릸�
mS�FUK۰aB` �Βq��&Z^܂('T~Ĝ~<�_[%/u_��UMu8x~��ƪKQ��I**U`)��<����E8�:�a�I=B56e˘m#7SPd@�pqbKsǘndu$D�$ �� $ J�n3�Dogk4Tm�3S)�a�;d�z0e �d@C�>T4�zb%N�t�AO&�D�5>�bQ{
UZOٴ5Y�xizVʈeߜߜߜߜ_YUrD_=V:kIQ),UE:.]RepcVꇾu�Ņ̞�c%JF\k,W��>-�l`�$joF-�f1�>kE:3K,&s�P6DEׁ^CE WķO{tK`|mP{$b/ިUmv1ne.�M%�>Br@;L@;D�$q;+_~Q|$k=�
|*Ŀb
@:�7:@ڏ�wņFQ#3;q\�/zZPa ώG1x=K"m�m|�[ԖOQ06gQ�yubB%K��@a�9RX(���$n
EShk����`�m)J�W_DO
�Zۼ!Ta�7xԿ�B
!^[�H]_umݢt1j�SVqaa5R\+M1"�#1jlĭ5"Z�M2i'�5D?7�[
qC>�6M0S:e'ř~O5<*t e5^d[V�:
��<�ym��s-}
j2��Q=�;&g^z��Ī~�փs~oooo�5^t�h�R4V`LJ
?-xg}�I�Ox1"^a�Du_jV{"��k)xy*b|TEp.7w�H|��rFNUH\C�c5^maZZJݓ/<-]oR�)9kKq)�aQ7�\�>%כ�EN:wcu�W'QW3b�!�^/E_�0�[
n�XBF���SG��A@#{sc7ŵ_ۏ�Hx�;w-��9{L]!�
�t3a6+W3Aѥ_oJY",[_˯Gjp�,Ʊu�9�{{c�~CP2o2@44kIY'֤ZIHg�cS8#{a4cT1,,QdnH#nb1DKb\�Gj�w�OP5Fyc.&F��PC��řn@7{�^iT60i�8;�~�i=eO)�
x}��-5$=WQx��r�4t�q'u[1_C\��E"f?z��3,M?�"�&�=Mѕ�.b�m0By��uM|x�#o嵤?n%Su(,1@�N|) y�NxNtmI)LőEG|| I-x�Q�)[.�Az[
Ӥ��$H�"
Vv;"B(7�uמSN|lڏ[rjj}ۏo��
TŢWM�#�5B,¶aD�$�ȡ-b6۫1�ʵm�<߉�"HP)%$7�Fv��r(�7���r�|{\�כ5�^�1+w�� Į�^`����klӳ�3 th'&v* &V*�te��3B[w�^�?�r}sι\`{.2?ٝ��66Ƕl�va|�D�uv�H)�X�p,P��D(��~RJHuT�+sH0lY&\zJ��=0]Lv"m*F&#Zik4u���*K�"x�x�aj aF
gfٝ7��g�[�=[!�=Hm~#�dM-ã{{|U:�Ai|%wMܶiC:�&
�xM
�.�OFoJ^j$'Wmp�
�?< ��Pm¼DRSx�&�wd.41��qp5�;���
roE�VIv# ,@҇EꊍBL�x5�6D�:iu;�3rѹu�U�=<�2sޝ �ޒ�<�3]\�h}Ph8(�Sc�}& 'l�I=��0W��5�� [z˘0[�uh�`>zS�#ᘭ#!+%A� H3�)1럯.JC)a�#{~�����L-
DĴ"c�)41GJ[!1}ɹ���gMN:px�XҚ0!���RAAH0�
}wFp��bZ1Ř!�&"7,ǰlFLN۞�%7ra
A�=db��WoH$P`��+wdc>b|�9g�o X_$1F�K �tQ:..�(�� o�I�YP�XP؟�S?pk2�ꧦa/x)ƣE3�N]<��K,2E<�ezwX<>��we~t6�q0G3+Ĕ�f)�u
n9
:j�eO�g�>�{0u�9,2us�x\fH֎�H$Ѕ:x,@#!��9ω��1�ka]M-#YBAaP8�Z
��+z+uT'I]WP)9CȮ�KTU:`|.Oa@>dyݬf/��/8\iJd�R.
��?h�$@�\cA%b^=�`��f:�S�//>�iN?�n�vzx Zѷhlԭs;|Ի|ҽ\^u/�։g0y?Kyl2/*�(H\;NS�ʙŦ΄ksY+rK��xu�,�/g%�qx&v�ݹ����lFyї�5�1~ũ6M�?&/z�W~_˧VֆC�|~�'>;ȑkhw��
��r:�vLYq܄q�P��b;g�]t
ȤRŻ3`dz_+(Z_~�NmS>X_~�48�A�I�}>@?G([hvחw�qN9?t/rʡݜ/~�Y�|Z9s���}s{�9ϡ99y��'E��SN)�S~�90�9{�s#?�0~�9׃r�?=/�r q�P2�U��~�}�oA֗�_S^9)�O@O9r�sڿ�\'I9�s}�S)�ÜJu/*苼5rXB]7'{'sg#�Q8��]a_[k3/Y;3ݲ�I ��
r�i@Lwe<-cENz).~QFxdB$dZ�+mF�D�gczOD1�K�AF0w9�ͧ,O�;H_ẽ�xĿ-NÙ�g�ݞރ�轊r m�v+}Y_�ća�^`��X)2w(o?�8�[]^N�ȇㅢx6 ,L0�}�����J�x�n'qgЕژqu98XXLfLyr�n3E ��A&��m�:�И�YL�C�ɡ�(�
V �k�EF(�l#byEe2�&Q[�9ymXvx�̛\�ؓǀʞq}�lA>m�=]wrl#�k���vܙetW^��"�d`YS-uB�I���c̈́ݞ%S�O"��x^�J��.;4m�?��,ʌ�%41���^_O�3˙a){����l< 𣫼ÄIZ9�
��.�X&"~3 n�ytچ�OnS�C��>X�X��e-s(ŬBSd�<�)O?G[nI�\�k<>a쎸r���n=ձ]w
�`7@I܁>&�~{7
9�1$+nvG�T
'7>��5'ك|2h~�}́!Xs#Q%`
|ݿ[��3_d%�\"d<�l[ +"���
�
KmӬ9s¥"UXJNR��X,8.# kl9S;�.r]�r(c�YʐLW\�,,�L[OىB�ׅѰ0�L;,lyED%e��2JACb
�0F
���:e�brỲ3
cJ\gG�ۂ�~�ՍK{�S<"Y<.GwL�x6�U�AzUN]�Z
12Mo,/`kV�"�K�{�''E��=�!`5>g~C{%�݄�6�=L��&j1Bi>c1�af�r[�*0�7w}�X��Z#`*F"�"�:xqeQ�� T,gv P.�I{yTO7uG��?;�$5_:ˌRh\*.I;��GU��Fn�z�/E�e鞢%!]�w �T>e{!"^ֳ���~k Whc<��x�L�
gMUjT;IxdMn+:cSEᘸe=i(ziKmw9n�~뉘h6JM?
۔̑9MR"�Zi/!zx6
}Tar8~XXqg;f[hx.b&�;f�1Բ��a(��
|
Network Security & Hardware 
