Subject:  The "Worm" (fwd)
Date:     Tue, 15 Jun 1999 09:26:41 -0500 (CDT)
From:     "Roy L. Beavers" <rbeavers@llion.org>
To:       emfguru <rbeavers@llion.org>
--------------------------------------------------


Remember:  after noon today (my time), EMF-L will be dark until
mid July....  I will notify everybody when I am back on-line.....

Cheerio.....  (Be sure you check out what is below.)

Roy Beavers (EMFguru)......
rbeavers@llion.org.......
.....It is better to light a single candle than to curse the darkness.....
EMF-L web-site can be found at: 
EMF-L archives can be found at: 
..................PEOPLE ARE MORE IMPORTANT THAN PROFITS..................

---------- Forwarded message ----------
Date: Tue, 15 Jun 1999 09:09:18 -0500
From: Edward S Maxey 
Cc: rbeavers@llion.org
Subject: Worm

Hi Roy

The following is from today's New York Times.  

Felicitations,
Ed
+++++++++++++++++++++++++++++++++++++++++++++++++=

Resilient Computer Worm Is Continuing to Take a Heavy Toll 

By JOHN MARKOFF


Computer researchers reported Monday that a virulent computer
program was spreading in a previously undisclosed way, generating new
reports of significant loss of data by major corporations and individual
computer users. 

The Computer Emergency Response Team, a government-financed computer
security organization based at Carnegie Mellon University in Pittsburgh,
said the program could spread not only by attachments to e-mail but also
over local corporate networks. 

As a result, officials said, companies will need to take more strenuous
and potentially costly measures to guard against an attack, since
computers can be infected even if their users refrain from opening
suspicious e-mail attachments. 

Indeed, if even one infected machine is sharing files with other
computers on a network, the program will continually attempt to infect
those computers and to erase files on otherwise protected computers. 

"There is a risk of continued infection," said Shawn Hernan, a researcher
for the response team. "If you install anti-virus software," but do not
cut off the ability to share files while each individual computer is
disinfected, the program "continually attempts to reinfect" computers in
the network, he said. 

The program, a type of computer infection known as a worm, was initially
detected early last week in Israel, where it is believed to have
originated, and spread to Europe and the United States within two days.
As it propagates from computer to computer, it can destroy data along the
way, preying particularly on widely used Microsoft programs like Word and
Excel. 

Although corporations and some individuals typically keep backup copies
of their data, it became evident Monday that the worm could overcome even
that precaution. Because the program expunges the data within a file
without deleting the file itself, the backup copy may also turn out to be
blank if the infection is not detected quickly enough. 

"There are a number of ways to make backup copies of data," said Dan
Schrader, the vice president of new technology at Trend Micro Inc. of
Cupertino, Calif. "Computer users should be careful not to back up in
such a way that good data is directly overwritten." 

The danger of the program was underscored on Friday when it destroyed
data on the computer of the chief operating officer of Trend Micro, the
nation's third-largest anti-virus company. 

Anti-virus executives said new reports of infection by the program
continued to filter in, though not at the rate of late last week. On
Friday, Network Associates, based in Santa Clara, Calif., one of the
nation's leading anti-virus software vendors, said 60 percent of its 300
large corporate customers had reported some computers infected by the
program. 

Other anti-virus researchers said that the 60 percent figure was probably
high for the national rate of infection from the worm, known as
Explore.exe for the file that launches it. Still, they said it was likely
to be as widespread as the Melissa program, which infected about 19
percent of the nation's large corporations in March but did not destroy
files. 

"Our sense as of Friday is that this program is so far less pervasive
than Melissa but more destructive," said Peter Tippet, chief technologist
of ICSA.net, a computer security research firm in Reston, Va. 

A recent survey by ICSA indicated that Melissa had caused more than $393
million in damage in less than a week in the United States. 

All the major anti-virus companies said their products protected against
the new infection but not against the danger of file erasure if an
infected machine was connected to the network. 

One of those companies, Symantec, said Monday that its customers were
starting to understand the scope of the damage. "People are looking for
their data," said Carey Nachenberg, the company's chief anti-virus
researcher, "and finding that stuff they didn't even think about got
destroyed." 

Among the companies to have reported damage was the Storage Technology
Corporation, a computer storage company, which had 100,000 files
destroyed after the infection hit its Colorado headquarters on Thursday
afternoon. The files represented 600 gigabytes of data -- roughly equal
to the storage capacity of 600 late-model personal computers. A spokesman
for the company said the infection had been contained by Friday morning. 




Archive provided courtesy of WaveGuide, http://www.wave-guide.org
Reprinted with permission of Roy Beavers, http://www.feb.se/EMF-L/EMF-L.html