In 1999, the Melissa virus took down much of the Internet for days; at that time, the world had never seen a computer virus move so fast. Melissa, a Microsoft Word–based worm, replicated itself through email and came out of nowhere to take over computer systems in businesses, governments, and the military. The FBI commenced the biggest Internet person-hunt ever to find Melissa’s developer. Eventually, the person suspected of creating the malware was identified as a New Jersey resident by the name of David L. Smith. In 2002, Smith was sentenced to 20 months of jail time, a fine of $5,000, and 100 hours of community service upon his release.
Many computer security technologies—including anti-virus software, firewalls, and mobile code—are based on the concept of querying the user with the question, “There is a security issue here; are you sure you want to continue?” Security professionals have long warned that this kind of dependence is unreliable because users have to be “lucky” in answering the questions correctly every time—whereas a cracker needs to “get lucky” only a few times.
In the case of the Melissa virus, every user who spread the virus was first prompted with the query, “This document contains macros; do you want to run them?” Inevitably, the users answered incorrectly, that is, they answered “yes.”
Melissavirus.com. Melissa Virus. [Online, August 14, 2004.] Melissavirus.com Website. http://www.melissavirus.com; Graham, R. Hacking Lexicon. [Online, 2001.] Robert Graham Website. http://www.linuxsecurity.com/resource_files/documentation/hacking-dict.html.