e-v-mail

Korova Multimedia

Up to the "Hoax du Jour" home page
(home page)

CERT Advisory CA-99-04

CIAC Bulletin J-037

Hoax du Jour tips on protecting yourself against "Melissa"
(updated April 04, 1999!)

Microsoft:
"Word Macro Virus Alert (Melissa)"
"Word 97 Template Vulnerability" Bulletin
Word 97 Template Security Patch

Microsoft Knowledge Base:
No Macro Warning Opening File Attached to Template
FAQ About Word Macro Viruses
What to Do If You Have a Macro Virus


Public links to this specific article:
http://www.korova.com/virus/hoax990329a.htm
Also: this page, print-friendly

Got a question? Try
"The FAQ du Jour"




Previous "Hoax du Jour" columns

The "Hoax du Jour" Index

A More Wretched Hive of Scum & Villainy

Children's Crusade

Lingering Misinformation

Viral marketing is Now.

The Grinch is Real

Call Now!
(Int'l phone scams)

"You're Never Gonna Believe This..."

The Word Macro Spam 'Bot

Calls to Overreaction

Remote Explorer of My Eye

Internet Access Charges & Taxation

The Fear of AIDS (Needles)

Toxic Tampons

Death Threats and Disney Trips

The AOL Hacker Riot II

The "90# Phone Scam" Alert

E-j-mail Extortion

Phone Slamming

AOL Cookie





Click here for the "Hoax du Jour" top-level page.

Related topic: you know what e-mail is. But do you know what "e-v-mail" is?

Related topic: rate your own Internet alert (or just-received warning from a well-meaning friend) against the Korova Drop-dead Internet Alert guide.

Computer virus protection If you're not using anti-virus software, you need to consider getting some, and soon. Click here to choose some from Amazon.com. If you're connected to the Internet with an "always on," broadband connection (cable modem or DSL), consider getting some firewall software, or a hardware solution for your entire home network.


About the "Hoax du Jour"

The "Hoax du Jour" is a recurring column providing updated information and commentary on the Internet community. It is a feature of Korova Multimedia's "e-v-mail" page.

What is a "hoax du jour?" With the advent of widespread use of the Internet as a medium for sharing information, the phenomenon of sharing misinformation has exploded. Conventional urban folklore and propaganda have blossomed on the Internet. Intentionally misleading information is broadcast on a professional and personal level.

On the Web, misinformation wants to be free. It also likes to be free of authenticity and corroboration, when such grounding deflates the credibility of the content.

The result? Naive users of the Internet are subjected to a daily barrage of data that are erroneous, slanderous, and sometimes even destructive. This page is dedicated to discussing intentional misinformation, or 'Net hoaxes.

Disclaimer The opinions expressed here are entirely my own, and do not reflect policy or intentions of any persons, groups or companies referred to or linked from this site. I, my guest writers, or Korova Multimedia are not responsible for content or sites linked to from the "Hoax du Jour" column.


Kudos and links for
the "Hoax du Jour"

About.com
("Best of the Net")

Computer Virus Myths
(recommendation)

The Curse of a Thousand Chain Letters
(recommendation)

Lycos Guide: Urban Legends
(Top Rated Site)

The Motley Fool
("striking a blow for rationality")

ProjectCool
(March, 2001)

Suite101.com
("three stars")


Also on Korova.com

Clean the hoax-y taste from your mouth with Nonstop Anonymous Monotonous Onomatopoeia, just for fun.

Get a fresh perspective with Korova Truth.

Think outside, way outside, of the box at ChromeJob.com.





Other anti-hoax resources

Korova Multimedia: "e-v-mail"

Rob Rosenberger:
Computer Virus Myths

DoE CIAC - Hoaxbusters

Barbara Mikkelson:
Urban Legends Reference Pages

David Emery:
About.com guide to Urban Legends & Folklore

HoaxKill Service


Urban legend and computer security books

by Jan Harold Brunvand
Click to order this title from Amazon.com
The Baby Train
The Choking Doberman
Curses! Broiled Again!
The Mexican Pet
The Truth Never Stands In The Way Of A Good Story

also:
Computer Security Basics (O'Reilly)

... or search Amazon.com for more books about hoaxes and urban legends...


Sponsor links:

Back to The Word Macro Spam 'Bot

(Cont'd.)

March 31, 1999

On the Trail of a Culprit


CNN: How real is the threat of a cyberwar?

As predicted, the news media are running away with themselves. (See the CNN Interactive "in-depth report" by John Christensen, above.)

George Smith (The Crypt Newsletter) found the New York Times asserting that, though there was no evidence, there was THE POSSIBILITY that "Melissa" might launch its attacks from mail clients other than Outlook. That's about as reasonable as asserting, "I have no evidence that there is a Santa Claus, but I suspect that he's probably living right up there on the North Pole." Uh-huh.

CNET reported on Monday that Network Associates Inc. (NAI) had tracked the original posting of LIST.DOC to the alt.sex newsgroup from an America Online (AOL) address:

Melissa virus launch identified
By Stephen Shankland
Staff Writer, CNET News.com
March 29, 1999, 6:35 p.m. PT

A poster called "Sky Roket" launched the Melissa virus into the wilds via the newsgroup alt.sex early Friday morning, antivirus company Network Associates said today.

In addition, a copycat of Melissa called "Papa" was first posted in the alt.bondage newsgroup, said Sal Viveros, group marketing manager at Network Associates.

After Network Associates heard about Melissa from a customer, its newsgroup-sniffing software was able to track down the point at which the virus first emerged, Viveros said. The company it was the first insertion into the world because the original file, "list.doc," had a creation date just a bit younger than the time it was inserted.

... Sky Roket apparently has posted as far back as 1997 to other sex-related newsgroups with virus-infected files named things like "complete list of adult sites" and "complete list of cracked Web sites."

True to form, the NAI spokesman contended that this virus writer "was very clever." Well, of course. No antivirus developer or information security consultant wants to openly ADMIT that the Internet is being severely threatened by some boob with a second-hand copy of VBA for Dummies, right??

I agree with NAI, on this one. The writer was certainly clever enough ... to change the computer's time to falsify the "creation date" to a predetermined time just before the file was "inserted" Friday morning.

By Tuesday morning, WIRED NEWS had identified that the boob, er, very clever writer, was an AOL user in Washington. (Perhaps it was a mistake when Trend Micro pinpointed the "launch point" in Western Europe?)

Melissa, Spawned by Spam
by Leander Kahney and Polly Sprenger
3:00 a.m. 30.Mar.99.PST

The admitted owner of the AOL Sky Roket account is Scott Steinmetz, a civil engineer from Lynwood, Washington, who dabbles in pyrotechnic displays. Steinmetz said he's not a programmer, and doesn't use the account for anything except Internet access for his family.

... Sunil Paul, CEO of Bright Light Technologies, an anti-spam service based in San Francisco, said it was the first virus he had encountered that spams its victims.

"I doubt it's a new form of spam," Paul said. "But I think someone in the future might use something like this to spread product info. They could call it viral marketing."

Poor Scott. In a CNET article later Tuesday, he expressed bewilderment at how his account was openly fingered as the source ... apparently without anyone even checking with him. "'I am a little jarred about the lack of security that AOL has in place, and am now going to close my AOL account,' Scott Steinmetz said in an email. ... 'I am not the creator of the virus, nor did I have any part in the distribution of the virus,' Steinmetz said."

For their part, AOL was able to comment on his account,... before refusing to comment. "'We are aggressively looking into it,' said AOL spokeswoman Wendy Goldberg. 'There are a number of variables that need to be further investigated before we can make a determination about whether it was an unwitting propagation.'"

If Goldberg's name sounds familar, in reference to a disclosure of a private account, it's no coincidence. Wendy was the regular spokesperson in the debacle in January, 1998, when the online service had allegedly disclosed the identity of SCPO Timothy McVeigh to a Navy investigator, in violation of AOL's own privacy policies.

AOL came out smelling bad on that one. As reported by Janet Kornblum, "To complicate matters, last night AOL canceled McVeigh's account, accusing him of writing chain letters, said his mother, Teri McVeigh." The supposed chain letters appeared to be his e-mail writing campaign to gain support for being tarred and feathered by the Navy based on information acquired illegally from AOL. Cancel his account? It's the worst thing they could do.

(Ahem. Last year, SCPO Tim McVeigh. This year, Scott Steinmetz. Does anyone at AOL remember Richard Jewell?)


Q: Are We Not Macro?

The news the past couple of days has been unsettling, not least for its lack of skepticism. In ALL the reports that I've been reading, I don't see any really hard questions being asked.

I THOUGHT that the FBI was on the case (assisted by Richard Smith, of Phar Lap Software, who may fancy himself a Special Agent At Large, sort of like Elvis), but I suppose NAI is far more qualified to practice law enforcement. How they presumed to be responsible for fingering Mr. Steinmetz in public, I just can't imagine.

In the military sector, "the beach is secured" -- the U.S. Marines Corps saved their servers through a heroic server shutdown maneuver ("Semper Vi'?").

Finally (at least for today), Trend Micro took a swan dive off the shallow end with the assertion that this is not just a very clever virus (the virus, that is, not the writer),... it's mutating.

M-u-t-a-t-i-n-g. As in Darwin. As in "natural selection," and The Origin of Species. Read this:

'Melissa' mutates, becomes resistant to patch
March 30, 1999 11:32 a.m. EST
by Kathleen Ohlson and Ann Harrison

(IDG) -- As corporate customers scramble to protect themselves from the "Melissa" virus, it has begun to mutate and defeat a widely used patch, one industry watcher said.

In its early going, the virus could be known by its distinctive subject header, which read "Important Message From ..."

But now a variant of the virus leaves the subject line blank, according to Dan Schrader, director of product marketing at Trend Micro Inc., a Cupertino, Calif., developer of virus protection tools. Schrader said the patch, issued by www.sendmail.com, "very quickly becomes invalid for companies depending on that filtering technology."

The variant, called W97M_MELISSA.A, keeps the sendmail patch from detecting, blocking or removing the mutated virus. Schrader said he expects to see more new versions of the Melissa virus appear to corrupt mail files in any environment. He suggested that companies contact their antivirus vendors to make sure their tools can scan for the Melissa variant.

It bears noting that "the patch" that Sendmail.com provides does little more than filter on the SAME SUBJECT LINE that was initially reported last Friday. Easy setup, easy obsolescence.

Rough translation: Eric and his Sendmail gang provide a patch with a guaranteed effective lifetime of maybe 2 hours [virus hackers would immediately change the e-mail characteristics to fly under the radar of the patch in no time]. Virus writers see this, and change the e-mail, not to "keep the sendmail patch from detecting," but simply to avoid detection. Later [Monday morning], infected users send out various [infected] documents in new, unique e-mail, which of course are likewise not detected by the sendmail patch.

Now, I should think that a golden rule of sensible technical journalism is NEVER, EVER refer to the software as an entity. Programs (viruses) are NOT organisms. HAL-9000 was a fictional construct. The idea of a macro virus "mutating," like the HIV virus, is absurd. (No joke: a news piece early this week compared "Melissa" to AIDS.) A macro virus can no sooner mutate than I can turn myself into a chocolate milkshake.

More likely, explained George Smith, is that anonymous twiddlers will play with the macro, or the e-mail containing the contagious Word file. Again, EASY.

There's nothing stopping 100 wanna-be's from re-sending "Melissa" in different messages. There's nothing "clever" about it, folks.

For myself, I don't doubt that once a user's NORMAL.DOT Word template has been infected, subsequent Word files are infected. The same user can e-mail an infected document, in all new messages, all day long.

Here's how our hypothetical pal "Eliza" might easily be struck by someone she trusts. Notice that NOTHING here looks like what the press have described as a likely "Melissa" message:

SUBJ: Wednesday meeting: proposal

Ms. Doolittle, here's the consulting spec for your meeting Wednesday. Keep it simple. Stick to business, weather and everyone's health.

If you make any last minute changes, e-mail me the revision by COB Friday. Best of luck.

<<Higgins Proposal.DOC>>

Pickering

(If you can't stand the suspense, jump ahead to see what Eliza might send out after reading Pickering's message.)

Stay tuned, folks. This can only get better. Rob Rosenberger (Computer Virus Myths home page) recommended making popcorn. Me, I'm ordering pizza and cola, and stocking up on extra batteries for my Skepticism Meter.


April 1, 1999

Well folks, the unthinkable occurred. I was struck by "Melissa."

At around 10:30 AM PT, as I was returning to my desk at our Northern California software development company, my alphamnemonic pager went off. Beeeeep! "Dick," an account executive in our Chicago office, had sent an "Important message." "Here is that document you asked for ... dont' show anyone else. ;-)." I thought it was a joke. (It IS April Fool's day.)

I took two steps. Beeeeep! I pulled my pager out of its holster -- Beeeeep! Beeeeep! I had 2, then 3, more messages.

Sure enough, it was a classic "Melissa" spam, which had gone out to the first fifty addresses in each of Dick's contact lists, mostly company-wide distribution lists like "!WW CEO Staff." Somehow his huge distribution list of distribution lists included "Pager David Spalding." Seconds later, our Marketing VP sent a copy, to the same global lists. Then a QA specialist in Development. ... By the time I'd walked 100' to my desktop system, I had 6-7 messages crammed into my pager.

If you understand how "Melissa" works, then you can imagine that within a minute of Dick innocently opening an infected Word document, his system had spammed most of the company, half a dozen people had opened the message, and opened his Word file expecting it to be urgent news. As I had performed all the preventative measures that I recommended on March 29, I opened the document with impunity and found that it wasn't urgent, but it sure was important. It was the infected document that a customer had mailed to Dick, an in-depth contract proposal.

I predicted that "Melissa" would change form a little bit, and this particular cycle of spam proved it. Dick's spam DIDN'T contain a document called LIST.DOC, nor any URLs to porn sites. The infected "carrier" which delivered the macro virus was a customer's document.

You can imagine the embarrassment.

If other companies are like our little firm, there are a lot of embarrassed business people around. Our IT department sent messages to EVERYONE early Monday, specifying how to upgrade both Word (with the Word 97 Template Macro security patch), and our standard antivirus software. (In this week alone, my AV software has quite admirably caught, captured, and eliminated both the Happy99.EXE Trojan (infected with the W32/Ska virus), and documents carrying "W97m/Melissa.")

Dick and others identified themselves as those who HADN'T taken the pill, and DIDN'T heed the warnings against suspect Word documents. In a way, "Melissa" serves the purpose of tagging those who are not keeping up to date on safe computing issues that are making headlines. Not exactly a "career-enhancing reputation" to earn. I can envision a corporate downsizer asking, "Where's that list from the 'Melissa' crisis in March?"

I e-mailed Dick directly to jab a pesky finger in his chest, and suggest ways in which he could GENTLY advise his "contact" of his calamity. When he called me, he was aghast, and amused. Turns out, a client with one of Dick's biggest accounts had called him up during lunch.

Client: "Did you get my e-mail?"
Dick: Uh....
"Have you reviewed the proposal?"
Well, um....
"While I'm on the phone, would you open it please? I want to ask you something."
Okay.
"Now go to the part --"
Holy shinola!
"What?"
What the f--?! You've given me that macro virus!
"Oh. I did? I got that yesterday, I thought I cleaned my system...."

Meanwhile, back in Novato, David Spalding is walking past the office kitchen when his pager goes off.... Beeeeep!


"Not bloody likely,...."

Returning again to our hypothetical pal Eliza, if she had opened the message that Pickering sent her earlier, she would almost instantly send out the following:

SUBJ: Important Message From e.doolittle

Here is that document you asked for ... don't show anyone else ;-) <<Higgins Proposal.DOC>>

And there you have it. "Melissa" is reborn in a new document which has nothing to do with adult web sites. Arguments that Melissa could be used as "viral marketing" tend to dissipate unless the marketing information were inserted directly in the e-mail message (and some enticement ensured that the Word file will be opened).

Is the week out yet? Has someone reported that "Melissa" is an "e-mail virus" yet?


April 2, 1999

Saved by the bell. On Monday, I predicted that someone, somewhere, would confuse "Melissa" (a Word macro virus that is spread chiefly via e-mail) with "Good Times" (a hoax that purported that an e-mail message contained a virus). As someone told George Smith (The Crypt Newsletter), the story about the virus IS the virus. It's true about "Good Times," and it's true about "Melissa." When I found myself with a dozen copies of "Melissa"-infected files, I couldn't help but take precautions, and then OPEN IT (in Word Viewer). I know, I've been discouraging everybody and his kid sister from doing that, but I succumbed to "infectious curiosity," and took a peek. As I said, I was struck by "Melissa."

Researching today's news, I found the following paragraphs from Reuters that would seem to parrot the modus operandi of "Good Times." (Emphasis has been added.)

Melissa tracked to user name 'Sky Roket'
March 31, 1999
Web posted at: 7:40 p.m. EST (0040 GMT)
SAN FRANCISCO (Reuters)

... The virus used a high-powered automation technology built into most personal computers. Often disguised as a message from a friend or colleague, Melissa took the form of a simple e-mail sent to unsuspecting users, saying "Important message from...." But when users open the message, it caused a flood of new e-mails to be sent over the Internet from the reader's own online address book.

Using the powerful "macro" automation software built into millions of computers using Microsoft's Windows operating system, the macro automatically triggered up to 50 new e-mails.

I'm not sure that I want to touch the vague inaccuracy of the second paragraph, but I include it here to indicate how far afield Reuters has gone. "Melissa" uses the VBA macro language built into Microsoft Office, not Microsoft Windows, to launch an attack from Word and Outlook. "Millions of computers using Windows" don't necessarily have Office installed.

Anyway, I don't think there's any mistaking the fudge factor in the first paragraph. As we've learned together, class, the virus is contained in a Word file, and can only be unleashed by opening that file. And we have also learned that the virus uses Outlook (only) to send messages, not any "online address book." (Federal Computer Week (IDG) also promoted this ambiguity.) Many careless writers and editors have omitted this detail. I all but guarantee that someone has misinterpreted this as a result.

Do you think that Reuters has confused "Melissa" with the old "Good Times" hoax? You tell me.


"And now, here to do a little dance for you...."

David L. Smith (from CNN.com)

In other news, the New Jersey authorities, and the FBI, oh and AOL, too, think they've caught their man. As reported by CNN, MSNBC, Wired News and others, David L. Smith was apprehended and charged with interfering with and conspiring to interfere with public communications, theft of computer services, wrongful access to computer systems, and being an all-around Bad User of the Internet. He stands to spend 40 years in prison, and pay up to $480,000 in fines.

Can you say "Computer Fraud and Abuse Act of 1988?" (Please refer to O'Reilly's COMPUTER SECURITY BASICS (left), also known as "O'Reilly's Yellow Book.")

Reportedly, the information that helped track him down was provided by a lawyer for AOL. That's not news, since it was determined earlier this week that the initial posting to an alt.sex newsgroup came from an appropriated AOL account; AOL was able to provide data that help Federal and state investigators nail the activity down to Smith's phone line.

He used his own phone line? This is a "very clever virus writer," [Sal Viveros, Network Associates] but he used his own car for the getaway??

Let's review this week's big scoops from software vendors, though. Trend Micro reported that the post initially came from Western Europe. Apparently not. Richard Smith of Phar Lap Software (no relation, I presume), who has previously answered the call as a volunteer hunter of virus writers, asserted that the Globally Unique Identifier (GUID) imbedded in the Word file pointed to virus writer VicodinES as the culprit. Apparently not. As reported in MSN, "Christopher Bubb, deputy attorney general, said investigators did not use GUIDs the unique identifiers embedded in every Word document, to track down Smith."

[Later news reports confirmed that authorities were able to compare the GUID from "Melissa" with Smith's recovered computer, with positive results.]

(Coincidentally, Smith made news less than a month ago when he discovered an intriguing security vulnerability in Office documents, Global User IDs based on each computer's unique network adapter (NIC) address. The NIC addresses were found documented in the Windows Registry, Office documents (the GUID), and may have been collected by Microsoft during online product registration. The media attention led to Microsoft offering several patches and utilities, including the "Office 97 Unique Identifier Removal Tool.")

In all, as usual, no surprise, many of the claims and contentions made by the antivirus software vendors have become clear hyperbole and salesmanship. Again. Did any of it work?

I'll give you three guesses, and the first two DON'T COUNT.

By the by, the "Melissa" virus was apparently named after a topless dancer that Smith knew in Florida. Think she's flattered?


April 5, 1999

George Smith (The Crypt Newsletter) has been issuing some high-value reality checks on the continuing soap opera that surrounded last week's virus outbreak. In an insightful article on his site about the hunt for "Melissa's" author, he delves ever deeper into Richard Smith's (no relation) claims that the unique GUID found in the original Word file provided damning evidence of "Melissa's" parentage.

Since Smith announced to the world that Office applications were inserting GUIDs into Office documents, Microsoft released two patches, one for preventing this from happening to new documents, and another for removing the GUID from existing files. A complete discussion (with the patches) of the issue is on Microsoft's web site, signed by Yusuf Mehdi, Director of Windows Marketing.

I have to ask the obvious question. Since these patches are widely and publicly available, just how hard is it for a "very clever virus writer," like VicodinES, or David Smith (according to authorities), to remove the GUID at will? Knowing HOW the GUID is created (derived from a Registry entry), couldn't a reasonably smart virus writer create a file with a FAKE GUID? Crypt Newsletter reader Nic Brown seems to think so....

I side with The Crypt that cute little privacy hacks are no substitute for good, old-fashioned police legwork.

In other news (watching), Rob Rosenberger (Computer Virus Myths home page) found a ZDNET audio broadcast interview with a ZDNN reporter, apparently the best authority on Smith's arrest that could be found on short notice. The interview contained this quaint little quote:

Rob Lemos, ZDNN: Melissa Arrest
ZDTV (requires RealAudio)

"... He's a thirty year old man, which is kind of interesting, because usually virus writers are high school age, uh, for no other reason because, um, in a lot of ways they can't be prosecuted 'til they're over 18. But once you get over that, you think, '"Hey, I better think about being responsible about this.'"

Presuming that Mr. Lemos knows what he's talking about, I guess this confirms that if you're a "very clever virus writer," then the first thing you do after you download VicodinES' kit, is become a teenager.


August 1, 2001

It's been two years since David Smith was apprehended and convicted of writing and distributing the W97m/Melissa virus. How's he doing?

Well, not bad actually. He still has not been sentenced. As the first virus writer who was caught and convicted of laying waste to the Internet as a prank (a gross exaggeration for comedic effect, I hope you see), you'd think the Federal government would make an example of him. Nope. He's still walking around.

Justice Mysteriously delayed for 'Melissa' Author
The Register; August 01, 2001

Nearly twenty months after entering guilty pleas in state and federal court, David Smith, the confessed author of the infamous 'Melissa' Outlook worm, remains free on bail with no sentencing date in sight, while the prosecutors who once ballyhooed Smith's arrest as a model of swift and certain information age justice have fallen mysteriously silent.

When Melissa struck on 26 March 1999, it introduced a generation of Netizens to the concept of a computer virus. The worm targeted Microsoft Word users, and spread by sending an infected e-mail to the first 50 addresses in each victim's Microsoft Outlook address book. Though non-destructive by design, the virus propagated so quickly that it jammed corporate and government networks, forcing some large companies to sever their connections to the Internet temporarily. By some estimates, the virus caused millions of dollars in losses.

Within a week of the outbreak, New Jersey police and FBI agents tracked the virus through a hijacked AOL account to Smith, then 30. On 9 December of that that year the programmer pleaded guilty to computer crimes in state and federal court, and stipulated in a detailed plea agreement to having caused over $80,000,000 in damage. The losses, coupled with other stipulations in the plea agreement, carry a prison term of 46 to 57 months.

... There, the flurry of activity stopped. Smith's 18 February 2000 sentencing date was postponed; then, as the new date neared, it was postponed again. In all, Smith's sentencing has slipped five times. If he were to be sentenced today, the elapsed time between his adjudication and sentencing would come in at five times the 125 day federal average. The state case -- subordinate to the federal sentence -- remains in limbo.

His sentencing is currently scheduled for September 1, 2001. The Register reported that there appear to be no actions on Smith's attorneys to account for the delay in sentencing. The New Jersey US Attorney's office wouldn't discuss the matter. Smith's lawyer wouldn't return phone calls. Smith himself declined comment.

The Register proposed two possibilities for this seeming lack of justice, swift and fair. One, the actual amount of damage created by Smith cannot be determined. Rob Rosenberger of Vmyths.com regularly takes the antivirus software industry, and the media, to task for publishing grossly inflated "damages" figures apparently conjured up out of thin air, or stale office coffee.

Although Smith admitted responsibility to over $80 MILLION in damages, he's not bound to that, and authorities have not been able to prescribe sufficient metrics to determine how much (or how little) damage he really did in order to proceed with sentencing.

The Register's second proposed explanation is that Smith is cooperating with the authorities on other investigations (subsequent virus epidemics?). Such collaboration would be in confidence, and the sealed nature of court documents indicates that he's working with prosecutors. Smith has no known association with criminals, so it's possible that he's working with the NIPC on other virus problems. I wasn't impressed with Smith's ingenuity (he was caught pretty darn quick, wasn't he?), so I wonder just what good he's doing.

As The Register points out, Smith is the only Web-era virus writer to have been prosecuted. The fact that he's still at large, waiting for sentencing, is a joke.


David Spalding


(Suzy Seraphine-Kimel tipped me to this initially; thank you, ma'am.)

Back to The Word Macro Spam 'Bot


© Copyright 1999 D.B. Spalding/Korova Multimedia. All rights reserved.

Contents
Contents

Music
Music

Film
Film

Books
Pubs

Computing
Computing

Consulting
Consulting

What's new?
New!

Map
Map

Bios
Whois?

Contact
Contact

FAQ
Help