In 1999, it took
down much of the Internet for
days, and at that time, the world had never seen a computer virus move so fast. Melissa, a
Microsoft Word–based worm, replicated itself through email and came out of nowhere to take over computer
systems in businesses, governments, and the military. The FBI commenced the biggest Internet
person-hunt ever to find MelissaÂ’s developer. Eventually, the person suspected
of creating the malware was a New Jersey resident by the name of David L.
Smith. In 2002, Smith was sentenced to 20 months of jail time, a fine of
$5,000, and 100 hours of community service upon his release.
Many computer security technologies—including anti-virus
software, firewalls, and mobile code—are based on the concept of querying the
user with the question, “There is a security issue here; are you sure you want
to continue?” Security professionals have long warned that this kind of
dependency is unreliable because users have to be “lucky” in answering the questions
right all the time—whereas a cracker needs to “get lucky” only a few times.
In the case of the Melissa virus, every user who spread the
virus was first prompted with the query, “This document contains macros; do you
want to run them?” Inevitably, the users answered incorrectly, that is, they
answered “yes.”
See Also:
Electronic Mail or Email; Federal Bureau of Investigation (FBI); Internet;
Malware; Virus; Worm.
Melissavirus.com. Melissa Virus. [Online, August 14, 2004.] Melissavirus.com
Website. http://www.melissavirus.com; Graham, R. Hacking Lexicon. [Online,
2001.] Robert Graham Website.
http://www.linuxsecurity.com/resource_files/documentation/
hacking-dict.html.