Boeing: What Melissa taught us still applies today

Network security has changed much in the six years since Melissa. What hasn't changed is the limited control IT shops have over security.


Network security used to be the bastion of IT pros only. But as Boeing Co. has learned in the six years since the Melissa virus roared across cyberspace, there are some aspects of security that IT personnel have no direct control over -- in the end, the biggest battle is educating employees on the dangers of cyberspace and how to ride the Internet safely.

"One big change for us is the role of end-user education and communication," said Jeannette Jarvis, security systems product manager for Boeing, a leading aerospace company. "Since Melissa, we have done a lot of communication about the threat posed by viruses, including the ways viruses can come into the company; how employees can protect the company's computing infrastructure from viruses and malicious code; and what actions employees should take if they think their computer has been infected."

Melissa began circulating March 26, 1999, as a Word e-mail attachment that required user interaction to spread. In addition to indirectly causing a denial of service and other performance problems on mail servers, infected users could leak sensitive documents when their systems propagated the virus. Damage and cleanup costs associated with viruses can only be roughly estimated, but ICSA [now part of Herndon, Va.-based Cybertrust] reported in a virus prevalence study that Melissa-related costs were as high as $385 million.

The first successful mass-mailing virus, Melissa quickly overwhelmed many companies by the volume of e-mail it generated, causing many organizations to shut down their e-mail systems to avoid the onslaught until they could mitigate the threat.

Boeing chose to deal with the initial outbreak by delivering e-mail internally and holding up external e-mail until it was cleaned of the virus. The company used antivirus tools and a homegrown content filtering tool to identify and destroy the virus in-house, as well as any infected mail still being sent to Boeing.

"The challenge then was that without any sort of centralized management of any antivirus tools, identifying the infected employee was done manually," Jarvis said. "Due to Melissa [we've since] implemented some automated monitoring techniques that give us an early warning of unusual activity before the antivirus products even touch the mail. This then triggers alerts and automated lockdown of mailboxes."

As Boeing found, there's only so much network defenses can prevent -- user awareness and education can not only prevent users from unwittingly contributing to an attack, it can also give networks another line of defense.

"We've also got the process for quickly alerting employees when there is a specific threat, using a prepared template into which information about the threat is inserted and then sending it from both the enterprise and regional server levels," Jarvis said. "One of the things we learned with Melissa was that the company's everyday communication processes took too long to get the word out, especially for a fast-moving e-mail-borne virus."

"We also realized that having an early warning system for new threats was imperative. As a result we became much more involved in the industry, including co-founding the Anti-Virus Information Exchange and Anti-Virus Early Warning System," Jarvis added. "All these forums have allowed for needed communication to occur with those fighting the daily virus threat. The relationship between the antivirus vendors and their large customers has developed into a partnership that didn't exist before."

Melissa taught organizations valuable lessons on securing their networks, but though its impact was severe, it wouldn't have the same effect on networks today.

"Melissa is a standout as the beginning of the e-mail virus era," said Jimmy Kuo, McAfee Fellow for the McAfee Anti-Virus Emergency Response Team [AVERT]. "But it wouldn't spread all that much in today's environment. Because macros have been disabled in all Microsoft applications except Excel, most macro viruses are effectively prevented from being transmitted to users."

Kuo said that e-mail viruses will continue to pose a problem for organizations until new e-mail standards are in place. "We're going to have e-mail viruses until we change e-mail standards," Kuo said. He noted that IBM's FairUCE, a spam filter that stops spam by verifying sender identity instead of filtering content, is a step in the right direction -- and not only for viruses. Said Kuo: "It should do a lot toward cutting down spam and especially phishing."
