Research Computing Center: Learning Center

Home

About Us

Hours Directions Employment Operations Employee Directory Contact Us Projects Committee Representation

Resources

UNH Email Aliases Printers Passwords

Networking

Security SSH Clients Backups & Restores Statistics EROS Tapes

Learning Center

Documentation Hoaxes Spam Viruses

E-mail viruses

The latest thing in the world of computer viruses is the e-mail virus. The Melissa virus in March 1999 is an example. Melissa spread in Microsoft Word documents sent via e-mail. It worked like this:

Someone created the virus as a Word document and uploaded to an Internet newsgroup. Anyone who downloaded the document and opened it would trigger the virus. The virus would then send the document (and itself) in an e-mail message to the first 50 people in the person's address book. The e-mail message contained a friendly note that included the person's name, so the recipient would open the document thinking it was harmless. The virus would then create 50 new messages from the recipient's machine. As a result, Melissa was the fastest-spreading virus ever seen. It forced a number of large companies to shut down their e-mail systems.

The ILOVEYOU virus which appeared on May 4, 2000 was simpler. It contained a piece of code as an attachment. People who double clicked on the attachment allowed the code to execute. The code sent copies of itself to everyone in the victim's address book, then started corrupting files on the victim's machine. This is as simple as a virus can get. ILOVEYOU is really more of a Trojan horse distributed by e-mail than a virus.

The Melissa virus took advantage of the programming language built into Microsoft Word called VBA, Visual Basic for Applications. VBA is a complete programming language that can be programmed to do many functions such as modify files and send e-mail. VBA also has a useful but dangerous auto-execute feature. A programmer can insert a program into a document that runs instantly whenever the document is opened. This is how Melissa was programmed. Anyone who opened a document infected with Melissa would immediately activate the virus. It would send the 50 e-mails, and then infect a central file called NORMAL.DOT so that any file saved later would also contain the virus.

Microsoft applications have a feature called Macro Virus Protection built into them to prevent this sort of thing. With Macro Virus Protection turned on (the default option is ON), the auto-execute feature is disabled. When a document tries to auto-execute viral code, a generic dialog pops up warning the user about macros, bot the virus. Many people unfortunately do not know what macros or macro viruses are. When they see the dialog box, they ignore it by clicking ok, and the virus executes. Many others turn off the protection mechanism. The Melissa virus therefore spread despite the safeguards.

In the case of the ILOVEYOU virus, the whole thing was human-powered. If a person double-clicked on the program that came as an attachment, then the program executed and did its thing. What fueled this virus was human curiousity; a willingness to double-click.

Back