Finally, a virus lives up to the advance hype. Almost. After a weekend of warnings about the e-mail attachment from hell dubbed "Melissa," the virus wreaked havoc on some large corporations' e-mail servers Monday, but damage wasn't as widespread as expected. Many in the computing public have grown accustomed to dire warnings followed by hoaxes or de-fanged viruses. In this case, the sneaky virus - which looks like it's coming from a friend - hit e-mail systems at Microsoft, Lockheed Martin, Lucent and even the US Dept. of Defense, according to the Washington Post.
But was all the publicity, well, another round of hype? Mary Jander of TechWeb (via Data Communications) said that the major ISPs around the country experienced no problems. Her piece countered the dire reports on TV and in major newspapers of "hundreds of thousands" of computers affected by Melissa. A prominent network operators' user group said that news reports may have caused companies to shut off their mail servers for no good reason. The Wall Street Journal took a similar tack, with Lee Gomes and Dean Takahashi reporting that the virus "spread considerable alarm," without evidence of too much mayhem. The WSJ's experts said that while it appeared to cause no great damage, they're taking it as a warning sign that the "bad guys have upped the ante."
Indeed, tech reporters thrust into virus warfare played active roles and may have helped the situation by sounding the alarm, for better or worse. A member of the Dept. of Defense's Computer Emergency Response Team (CERT) told the San Jose Mercury News that the damage Monday was "not as bad as it could have been. It received quite a bit of media attention this weekend and people took precautions and made preparations." The Merc's Miguel Helft also reported on the "Papa" mutation of Melissa that spreads through Excel and forwards itself to 60 people. He said hackers are trying to top each other using Melissa code available on the Net - while antivirus companies are countering with new patches and fixes.
Also doing admirable enterprise work is the New York Times' hacker hound, John Markoff, who said Phar Lap Software's Richard Smith was "a lone software detective" who had already assembled a dossier on the possible culprit. It turns out Smith had earlier raised concerns about Microsoft using unique identifying numbers in Office programs. Now he used the ID numbers to trace the Melissa code to a hacker known as VicodinES. "It's pretty clear that VicodinES is somehow related to all this," Smith told Markoff. "Whether he's the author I don't know, but he has his fingerprints everywhere." With some digging, Markoff found that VicodinES is likely a high-school-age hacker with a reputation as a talented virus writer. One expert said it was hard to tell the total damage yet because of the "fog of battle." As part of ZDNet's whopping Melissa special report, Luke Reiter and Jim Louderback reported that the systems administrator hosting VicodinES' pages says the hacker has gone into retirement and wasn't responsible for the virus, but added that VicodinES was "talented enough" to have created Melissa.
Washington Post's John Schwartz tried to gauge the early damage, saying Lockheed Martin cut its 100,000-person e-mail system off from the outside world. He said that one advertising company reported being hit with 32,000 e-mails in 45 minutes, shutting down its legitimate e-mail users. Computer security expert Eugene Spafford surprisingly blamed Microsoft's market dominance for part of the trouble: "We have created this incredibly homogeneous environment in which many, many computers run the same programs, creating a large population with no immunity," Spafford said, "like the Spaniards bringing smallpox to the Incas."