Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
/

An attachment worse than Melissa?

Network Associates says Papa, delivered as an Excel attachment, might 'ping' your network to death.

Today's breaking news
Send to a friendFeedback


Network Associates today says it's discovered an attachment-based virus that could be even more obnoxious than the Melissa bug that brought down mail servers over the weekend.

Papa, spread via Excel spreadsheets, not only replicates itself through e-mail, like Melissa, but might be able to launch "denial of service" attacks by repeatedly pinging a network, the anti-virus vendor says.

"Papa sends itself in the same manner as Melissa," says Sal Viveros, group product manager at Network Associates' anti-virus software division, which first spotted the virus today, just days after Melissa surfaced. Like Melissa, Papa will also embed itself in a document opened on the computer once it is infected.

But unlike Melissa, whose main negative impact so far has been to overload e-mail servers as it indiscriminately sends off e-mail, Papa is intended to be more deliberately destructive by launching a "Ping of Death" denial-of-service attack, the company says.

Network Associates believes it causes this denial-of-service attack by sending out a steady stream of ping messages intended to overwhelm network servers.

The ICMP-based 'ping' message lets an attacker identify a server-it's a typical ruse by hackers doing surveillance on someone's network. Papa has its own kind of 'ping' method, according to Viveros. "It seems it can go to an external site to bring the network down."

Melissa was first spotted in the alt.sex Usenet, while Papa has been launched in alt.bondage. Though Network Associates doesn't know the author of either of the two viruses, the anti-virus software vendor has a hunch that Melissa and Papa were not written by the same person.

Anti-virus software vendors are all scrambling to update software to guard against this latest wave of viruses. But the almost unprecedented rate at which Melissa has spread has left the anti-software vendors acknowledging that the usual way to protect users through software upgrades has largely proven useless.

"It's a very wormlike virus that doesn't spread in the typical fashion," acknowledged Carey Nachenberg, chief researcher at anti-virus vendor Symantec. Melissa spread fast, particularly through the high-tech industry. Users, already hit by Melissa, are only now downloading updated detection and eradication for software. Symantec has posted its own anti-Melissa fix online for its product, Norton Anti-Virus.

Viveros is also impressed with Melissa's hurricane speed, noting that the virus hit at least 80% of Network Associates customers in just two days. Intel and Microsoft publicly said they had to shut down their e-mail servers due to Melissa-triggered overload.

Viveros sees yet more trouble ahead from Melissa and Papa.

"Typically, hackers take existing viruses as a roadmap and create more destructive payloads for them," he points out. That means Melissa and Papa may re-surface to wreck or harm such as deliberately erasing files or searching for confidential files to mail back to the hacker.

Until users can get Melissa and Papa anti-virus software upgrades on their desktops, Viveros recommends they ensure that their macro virus warning is enabled

And that they don't open e-mail attachments.



Send to colleague

Feedback
Tell us your thoughts on this article or the issues it raises.

Contact Senior Editor Ellen Messmer

Fixes available for Melissa Virus
Network World Fusion, 3/29/99

Forum: Did Melissa hit you?
Tell us how you eradicated and protected yourself from this nasty virus.

CERT's advisory on Melissa

FBI warning on Melissa

Microsoft patch
From Microsoft's Web site

Trend Micro virus tools

Symantec's Web site

Network Associate's Web site


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.