An attachment worse than Melissa?
Network Associates says Papa, delivered as an Excel attachment, might 'ping' your network to death.
Network Associates today says it's discovered an attachment-based virus that could be even more obnoxious than the Melissa bug that brought down mail servers over the weekend.
Papa, spread via Excel spreadsheets, not only replicates itself through e-mail, like Melissa, but might be able to launch "denial of service" attacks by repeatedly pinging a network, the anti-virus vendor says.
"Papa sends itself in the same manner as Melissa," says Sal Viveros, group product manager at Network Associates' anti-virus software division, which first spotted the virus today, just days after Melissa surfaced. Like Melissa, Papa will also embed itself in a document opened on the computer once it is infected.
But unlike Melissa, whose main negative impact so far has been to overload e-mail servers as it indiscriminately sends off e-mail, Papa is intended to be more deliberately destructive by launching a "Ping of Death" denial-of-service attack, the company says.
Network Associates believes Papa causes this denial-of-service attack by sending out a steady stream of ping messages intended to overwhelm network servers.
The ICMP-based 'ping' message lets an attacker identify a server; it's a typical ruse by hackers doing surveillance on someone's network. Papa has its own kind of 'ping' method, according to Viveros. "It seems it can go to an external site to bring the network down."
Melissa was first spotted in the alt.sex Usenet, while Papa has been launched in alt.bondage. Though Network Associates doesn't know the author of either of the two viruses, the anti-virus software vendor has a hunch that Melissa and Papa were not written by the same person.
Anti-virus software vendors are all scrambling to update software to guard against this latest wave of viruses. But the almost unprecedented rate at which Melissa has spread has left the anti-virus software vendors acknowledging that the usual way to protect users through software upgrades has largely proven useless.
"It's a very wormlike virus that doesn't spread in the typical fashion," acknowledged Carey Nachenberg, chief researcher at anti-virus vendor Symantec. Melissa spread fast, particularly through the high-tech industry. Users, already hit by Melissa, are only now downloading updated detection and eradication software. Symantec has posted its own anti-Melissa fix online for its product, Norton Anti-Virus.
Viveros is also impressed with Melissa's hurricane speed, noting that the virus hit at least 80% of Network Associates customers in just two days. Intel and Microsoft publicly said they had to shut down their e-mail servers due to Melissa-triggered overload.
Viveros sees yet more trouble ahead from Melissa and Papa.
"Typically, hackers take existing viruses as a roadmap and create more destructive payloads for them," he points out. That means Melissa and Papa may resurface to do harm, such as deliberately erasing files or searching for confidential files to mail back to the hacker.
Until users can get Melissa and Papa anti-virus software upgrades on their desktops, Viveros recommends they ensure that their macro virus warning is enabled and that they don't open e-mail attachments.