A dozen years ago, IBM's corporate data network was hit with a computer virus that might have been the direct ancestor of the Melissa micro virus that is now providing managers of corporate data networks with a bit of diversion. It does not seem like there has been much learning in the intervening years.
In mid-December 1987, a German student wrote a little program to draw a picture of a Christmas tree on an IBM terminal and sent it to some friends in an e-mail message. But this program had a hidden feature in that it could look for a file of e-mail aliases on the user's disk. If the program found such a file, it sent copies of itself to everyone listed in the file.
If some of the entries in the alias file were mailing lists, then everyone on the lists would get a copy. The exponential explosion in the number of copies of the message quickly overwhelmed e-mail servers wherever the message propagated. One of those places was the IBM corporate data network, which had to be shut down for a number of hours to clear the problem.
If this sounds familiar, it is because the Melissa virus that showed up a few weeks ago does basically the same thing. Melissa has one additional feature - it infects the user's own files. So if the user subsequently sends one of the infected files to a friend, the problem starts up all over again. The end effect has been the same as it was with the Christmas tree program -- many corporate mail servers have been swamped and several large companies have had to disable all their e-mail systems for a time.
The two viruses exploit the same two system features. First, one user can e-mail an executable file to another user, written in an IBM scripting language in the first case and Microsoft Word macros in the second case. Second, users in IBM and Microsoft environments tend to keep large e-mail alias files.
It's hard to determine how to confine the ability of Word macros to modify their environment. For example, I find it difficult to understand why macros are permitted to modify the security protections against macros.
Melissa seems to be benign, with the clogging of servers its major effect. But what if Melissa twiddled every millionth bit on your disk, causing programs to randomly fail and data to be corrupted?
Word and other program macros have been the vehicles for a number of recent PC viruses. When is Microsoft going to learn from history and get serious about analysing the vulnerabilities that the macro feature adds to the system? When is Microsoft going to eliminate the vulnerabilities once and for all?
Disclaimer: History is one thing that Harvard has a lot of and sometimes learns from, but the above is my history lesson.
Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@harvard.edu.