Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Everybody rode on the coattails of Melissa

Rob Rosenberger, Vmyths co-founder
Sunday, 4 April 1999 POLICE ARRESTED A man who allegedly wrote Melissa. An AP newswire says he named it after a topless dancer. Reporter Nancy Parello mentioned the stripper before she identified the suspect but, sadly, she didn't tell us if Melissa prefers saline over silicone. I fully expect AP will include the dancer's photo in a future newswire. Look, mom! The governor personally knows me! Have you seen the crowd riding on the coattails of this virus? Every major computer security agency published an alert. Every major news organization wrote stories. Computer security offices sent email alerts to everyone in their company. Every virus expert got involved. Every major antivirus firm got involved. Every major email server vendor got involved. FBI NIPC Director Michael Vatis got involved. New Jersey Governor Christie Todd Whitman got involved. Deputy Secretary of Defense John Hamre received briefings about Melissa and JCS Chairman Gen. Henry Shelton probably received the same briefings. All this involvement for a mediocre computer virus by today's standard. Do you think President Clinton will chime in if Lou Cypher[1] pulls a "Jack Ruby" on Melissa's author? FBI rumor-mongering may make it harder for prosecutors to argue their case. Ironic, but not unexpected. Can't these guys just stick to the facts? Oh, well: I hope Mulder & Scully pursue the 8-13 other people worldwide who created Melissa variants. Eugene Spafford, Ira Winkler, and other computer security experts got swamped with media queries after the arrest. One reporter admits he called me because he couldn't reach anyone else — Spafford alone had at least 15 interviewers in queue. "Thank you for calling Hackers 'R Us. Our experts will give you a sound bite in the order in which your call was received." This might explain why ZDTV interviewed a ZDNews reporter.
Does CNN know if digital vigilante Lou Cypher[1] plans to kill Melissa's author?
I set aside my vacation day when I learned of the arrest. No big deal: I enjoyed the media attention. One reporter didn't know why his colleagues told him to speak with me — after all, Melissa isn't a hoax. "Oh, it exists" I said. "Likewise, DataCrime and Michelangelo and Hare and Remote Explorer exist too." The little bulb over his head started to light up...
NEWSWIRES SAY MELISSA "infected hundreds of thousands" of computers in its first 36hrs. A Newsbytes report says it "downed as many as 300 Fortune 500 companies." Now, I can believe it generated so many emails — but hundreds of thousands of infections? We need to ask some philosophical questions:
  1. How many Fortune 500 companies suffered a genuine email catastrophe?
  2. How many Fortune 500 companies shut off their email servers strictly as a precaution?
  3. How many Fortune 500 computer security offices sent an email alert to everyone in the company?
  4. How many of those computer security offices sent out more email about Melissa than Melissa itself sent out?
  5. How many users "disinfected" their computers just by deleting an email?
  6. If an administrator deleted email from the network before it reached your computer, does it mean the administrator "disinfected" your computer?
Oddly, Newsbytes and Wall Street Journal newswires say Melissa "appears to have left Asia relatively unscathed" because they "had enough warning to avoid the virus." Okay, I'll bite: how did Asia get more warning time than the rest of the world? Perhaps Asian computer users enjoyed a long weekend last week? Or — here's a wild thought — did the other six continents escape Melissa's wrath as well? I've not yet spoken to a legit virus expert who accepts the "hundreds of thousands" estimate at face value. "It's only an assumption," admitted a source at one antivirus firm who begged for anonymity. I also hope to find someone who will back PC Week commentator David Berlind's assessment of monetary damages. "Despite the relatively benign nature of this macro virus," he wrote, "the worldwide cost of dealing with it can easily escalate into the hundreds of millions of dollars." Does anyone know the name of Governor Whitman's supervisor? I want to find out how much overtime pay she'll get as a direct result of Melissa...