Ebay crashes,Worm virus shuts down e-mail at boeing etc.greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread |
Its coming fast and furious, go to Aol news line for today. The virus story is unbelievable!!!!!!!
-- David Butts (dciinc@aol.com), June 11, 1999
Links?
-- (oldyeller@sanfran.com), June 11, 1999.
http://www.aol.com/mynews/specials/news/virus/
-- Dina (DinaLM11@aol.com), June 11, 1999.
My company is taking this virus VERY, VERY seriously.
-- Brooks (brooksbie@hotmail.com), June 11, 1999.
Along with Boeing and G.E. and Suisse Boston (didnt they downgrade bank stocks?) I love this quote from the AOL story. "Atlant-based Southern Co. The largest publicly traded U.S. power producer, also said it's e-mail system was infected"
-- David Butts (dciinc@aol.com), June 11, 1999.
Courtesy of Michael Dowd by eMail:[ For Educational Purposes Only ]
June 11, 1999
New York TimesNEW INFECTION IS KILLING FILES THROUGH E-MAIL
By John MarkoffSAN FRANCISCO -- Computer researchers Thursday reported a malicious computer program that is spreading rapidly through the Internet by E-mail and destroying documents created by widely used Microsoft software programs.
Several large corporations, including Boeing, AT&T and General Electric, said their computers had been infected and moved to limit the damage, in some cases by shutting down their E-mail systems. Employees of Microsoft, Intel and the anti-virus software maker Symantec said they had also been hit.
The attacking program shows up as an E-mail attachment. When opened, it embeds itself in the computer's software, destroying files created by common applications like Word, Powerpoint and Excel and propagating itself to the victim's E-mail correspondents. It is far more dangerous than the Melissa computer virus, which spread rapidly in March as a sort of an E-mail chain letter but was not designed to destroy files.
Thursday anti-virus companies made updated scanning programs available through their Web sites to fend off the attack. But anti-virus experts said that the program, known as a worm, was difficult to detect and that the best defense was for computer users to avoid opening suspicious E-mail attachments.
Several anti-virus software companies said they believed that the worm had originated in Israel, where it was first detected on Monday. It had begun spreading in Europe and the United States by Wednesday.
The program is particularly insidious, anti-virus experts said, because it is attached to an E-mail message -- ostensibly from someone known to the computer user. The message has a salutation with the recipient's name and then says: "I received your E-mail and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs. Bye."
At AT&T's headquarters in Basking Ridge, N.J., the company intercom broadcast an alert at lunch time warning employees that the program was spreading and a spokesman said he believed that several hundred computers had been infected within the building.
At Boeing, computer security personnel issued an alert this morning that a malicious program was on the loose, then shut down the E-mail system in midafternoon while updated anti-virus software was put in place, said David Suffia, a company spokesman. The system was expected to be down overnight, he said.
At Intel, the program was first discovered during the day at the company's development facility in Israel and computer administrators severed networks linking the company to Europe and the United States to halt the spread of the program, according to a company memo.
Microsoft executives said that they cut off network connections for several hours on Thursday morning.
Some companies said they had already faced down the virus and quelled it by installing anti-virus software. "It's gone and past; it's a great tornado that zoomed through and left," said Pam Wickham, a spokeswoman at General Electric. She said the company had been warned on Wednesday and that anti-virus software had been quickly distributed, minimizing the impact.
The worm preys on Microsoft E-mail programs like Outlook, Outlook Express and Exchange, and other programs that use a Microsoft protocol called MAPI. It uses those programs' features to spread itself to other computer users who send mail messages to the infected machine.
The program, which comes in a file identified as zipfiles.exe, is a kind of attack known as a Trojan horse because it fools users into executing a malicious program by opening the attached mail document.
The program than creates another file named explore.exe, which is launched every time the infected computer is restarted.
Such an approach, known in the computer underground as "social engineering," relies on the gullibility of computer users who are lulled into believing that the program has actually been sent as a reply from the person to whom they recently sent an electronic mail message.
"The Explore worm is even worse because you get it from someone you know," said David Chess, a research staff member at I.B.M.'s Watson Research Laboratory in Hawthorne, N.Y. "People are going to be lulled into thinking it is O.K."
Once the worm establishes itself, it systematically searches for documents created by three programs that are part of the Microsoft Office suite -- Word, Excel and Powerpoint -- as well as some programmers' files and erases them. Word is the world's most widely used word processing software and Excel is the most widely used spreadsheet program. Powerpoint is software for creating graphical business presentations on a computer screen.
Thursday, experts at anti-virus companies said the new program represented a disturbing trend in the virus underground, which appears to be developing more lethal programs.
"In the last few weeks we've begun to see attempts by virus writers to combine the rapidly spread capability of the Melissa program with a more destructive payload," said Wes Wasson, director of security product marketing at Network Associates, a Silicon Valley software developer whose products include anti-virus programs.
He said he expected to see a number of copycat programs as virus writers attempt to mimick the Explore program.
Network Associates has recently established "risk assessment" guidelines for gauging the danger of new malicious programs, and Mr. Wasson said the company had assigned the Explore worm a "high" rating, its most threatening category because of its destructive ability.
The new program is known as a worm rather than a virus because it is self-propagating from computer to computer through networks, in this case by generating a reply to each incoming E-mail.
In contrast a virus is spread by inserting itself into files on a computer system that are then passed along. (The Melissa program exhibited properties of both a virus and a worm, computer researchers said, because it both attached itself to Word documents and used E-mail to spread itself.)
The term "worm" was coined by the science fiction author John Brunner in his 1975 novel "Shockwave Rider." In the novel worms were programs created by a rebel group that helped destroy an oppressive computer network.
Although the new Explore worm does not have the ability to spread as quickly as the Melissa virus, which mailed itself to 50 computer users at a time, it still has the capability to quickly proliferate because an infected machine tries to infect any other computer that it receives mail from, researchers said.
Officials at the Computer Emergency Response Team, or CERT, at Carnegie Mellon University in Pittsburgh said today that they were studying the problem.
"We're still trying to understand the scope of the problem a little better," said Shawn Hernan, a CERT security expert. He said that by late this afternoon the security organization had received only 10 reports of worm infections, though he said the program had spread rapidly at the afflicted organizations.
Today, some virus experts said they were puzzled by the recent destructive bent within the virus writing community. Many of the programs in the past have been written as a form of cybernetic graffiti and are annoying but do not do physical damage.
But a program like the Explore worm has the power to destroy years of work.
"I can't imagine what these people who write these programs are thinking," said Chess, the I.B.M. researcher.
Kent T. Hoffman
Marycliff Institute
807 W. Seventh Ave.
Spokane, WA 99204
Phone: (509)455-7654 ext.54
Fax: (509)455-4112
----------------------------------------------------------------
xxxxxxxxxx xxxxxxxxxx xxx
-- Ashton & Leska in Cascadia (allaha@earthlink.net), June 11, 1999.
I wonder if some of these new viruses we have been seeing pop up lately are just the precursor to the wave of cyber-terrorism that is predicted for the beginning of next year. Maybe viruses that are probes to see how what strengths/weaknesses they have and how they are dealt with. Am I a doomer for saying that?
-- (oldyeller@sanfran.com), June 11, 1999.
"I wonder if some of these new viruses we have been seeing pop up lately are just the precursor to the wave of cyber-terrorism that is predicted for the beginning of next year. "Nah. Old news.
The most capable computer types hate Microsoft, and enjoy trashing Microsoft products. It is easy to get "virus development kits" which allow one to create their own viruses. Unix gets hit too, but I think people hate Micro$oft more than Unix.
Also, Micro$oft products are built very poorly and easy to crash.
Viri are an issue, but not anything new...
-- Anonymous99 (Anonymous99@Anonymous99.xxx), June 11, 1999.
Either that or there are a bunch of pissed off serb hackers somewhere.
-- nine (nine_fingers@hotmail.com), June 11, 1999.
Where did you hear e-bay crashed??? I was just there and it worked just fine.
-- Get the facts (CiteYOURsource@now.com), June 11, 1999.