Melissa, the stripper and the virus. (and a little Y2K)

Share This Post

Melissa, the stripper and the virus. (and a little Y2K)

Who — or what — is Melissa virus?

To the best of our “who” understanding Melissa was a stripper in Florida:

Yes it’s just another internet link to porn.

“What” is a bit easier. Maybe. Melissa is a macro virus contained in a Microsoft Word document. When loaded and activated, the first 50 people in a Microsoft Outlook e-mail address book are sent the virus. This latest version was more or less an innocuous virus and would have attracted little or no ink, but is was a very fast spreading virus and as a result it clogged those e-mail servers it hit. Melissa hit big corporations the hardest. The bait to download the virus was … free porn (we knew we’d get back to porn). When it sent to the first 50 people in an e-mail address book, and if the initiating site was in a large corporation, most of the e-mail addresses are others in the Corporation. Hence, if 50 people all had each others in their address books, each person in the first life cycle of the virus could receive 50-factorial e-mail messages and additional copies of the virus.

Most viruses are slow and destructive in their actions. Melissa was destructive as a result of its means of transmission, not as the result of any evil intent to your data.

The original Melissa virus macro can be found on some web sites and BBS sites. Once acquired it can be modified, revised, and reused by cyber-vandals. What is almost as interesting is what we learned hunting down the Melissa story (no we didn’t go to Florida) is how the perpetrator was tracked down. It seems that any document created by an MS Word product has an embedded ID code that is unique to each and every copy of MS Word, and is tied to the authorized user when the software is registered. (Remember the user registration logon when you bought that new software product?) This tracking is what Intel was just blasted for with the new Pentium chip code. MS Word has been using the ID document identifier code to attempt to track “illegal use” of pirated software in violation of copyright laws. Others, who are aware of this ID Code, can also track you. Big brother is alive and he may be living in Washington state not Washington D.C.

And a little Y2K

The Panama Canal is insisting that all computer guided ships systems are year 2000 compliant when they use the canal. All vessel owners will have to show that their ships’ navigation control systems, power plants, and propulsion systems will not fail due to embedded micro chips not recognizing the change of the year from 1999 to 2000. Controls such as tug escorts may be imposed for those who cannot demonstrate compliance. Any mishaps could be extremely embarrassing since control of the canal passes from the US to Panama mid day December 31.

The atomic clocks in the GPS satellites were set with a 1,024 week cycle and all began their recent cycles in January 1980. Hence on August 21, 1999 the clocks will reset themselves to zero. Navigational equipment produced after 1994 should be OK, but those produced before may not work. The receiver may interpret the change of date as January 6, 1980 and goodness know where we all were then (we are certainly not going to tell). So the first test of Y2K may just be the atomic clocks on the satellites on August 21, 1999.

Y2K Bank Scam

Recently phone calls have been hitting the elderly and vulnerable. The pitch goes something like this. “Did you know that your bank is not Y2K complaint and that either onSeptember 9, 1999 or midnight December 31, 1999, all of you money will disappear in an electronic whoosh? You need to transfer your money to our Y2K compliant Institution.” This pitch is followed with wiring instruction, and that there are only so many slots for customers and you must act now. It’s kind like the old bank examiner routine, but Y2K compliant.

And now, released in your neighborhood….

Imagine this if you will: Jan 01, 2000, and all of the home detainees, the ankle bracelet people, are set free. Indeed yes, most of the home detainee equipment has failed the Y2K test. Worst case, some will just reset the computer time equipment to 1998. So does the period under house arrest end at the time the bracelet says or actual calendar time? Most are scrambling for time Y2K patch kits and issuing RFPs for new systems. Moral: Don’t pick up people with ankle bracelets that look like bagels.

At a recent seminar on computers and software, an analyst made an observation. Y2K, if you have modern software or have even bothered to look into you software, is not a real problem for the vast majority. He predicted that the real problem will be MSW2k — Microsoft Works 2000 — due out any month now. He projected that, with MS Works traditionally buggy software, more man hours will be spent on debugging and getting MS Works 2000 to work properly than will ever be spent on Y2K. A good laugh and some distinct gasps were had by all.

More To Explore