Ten years after Melissa, malware, worms still haunt IT
- 25 March, 2009 08:46
She may be just about to turn 10, but the Melissa virus has given birth to many children since she was born on March 26, 1999.
The first large scale social engineering attack, Melissa spread by convincing people to open an email and its attachment. The attachment was an executable file that scanned their email contact list and emailed itself out to those contacts.
According to Chris Thomas, principal consultant, APJ Internet security business unit at CA, Melissa pioneered the social engineering aspect as a way to get malware to spread. Today we see it with phishing attacks where we are tricked into going to a Web site
“The attack vector that Melissa employed – trick people into opening a malicious e-mail attachment – still works very well today and has been used time and time again by other email viruses,” he said.
Mike Sentonas, McAfee’s director of services, APAC, said Melissa’s significance lay in the sheer amount of traffic it produced and the speed at which it propagated compared to those which emerged before March 1999.
“Prior to 1999, viruses typically did not spread as fast or create the amount of traffic in the way Melissa did. People simply weren’t ready for the level of network traffic Melissa created,” he said.
Graham Ingram, general manager at AusCERT, said Melissa was always more a media celebrity than a threat to IT mangers, but its significance lay in its choice of target.
“The thing about Melissa was that it was the first time we had seen something like it. The fact it operated on a common user platform made it special. It showed that the common PC users was vulnerable,” he said.
According to McAfee’s Sentonas, while Melissa itself was not too malicious a code, its success inspired subsequent pieces of very damaging malware.
“The 'I Love You' worm, which hit in 2000, was one of the most harmful worms of the past decade.
It leveraged email systems to spread rapidly and caused significant financial damage,” he said.
Confirming this view, Pittwater Council IT manager Chris Tubridy recalls that the virus barely registered when it emerged on the scene.
“Melissa was insignificant for us as it did not affect us at all. Lovebug had more of an effect which we were able to shut down before it destroyed anything. I can’t remember hearing of anyone else getting Melissa so it could well have been more of an international phenomenon.”
So, while Melissa at 10 may no longer be an enfant terrible, it was interesting to contrast the development of malicious software since Melissa’s birth, McAfee’s Sentonas said.
“Ten years ago, new malware had a 'big bang' effect – it was a massive event that spread rapidly but then faded out just as quickly,” he said. “To reap financial gains from data theft, today’s malware must be created with a very long shelf life. The emergence of rootkits, botnets, and the vast number of viruses makes malware a much more complex problem these days.”
CA’s Thomas said the Conficker worm was now indicative of the way in which worms now operated.
“It’s the first big virus outbreak we have seen for a number of years, and it was the first step in creating a big new botnet which is estimated to include millions of infected PC’s worldwide,” he said.