NS Internet Column

The first point that everyone missed about Melissa was that that virus was really an advertisement: a spam for a list of pornographic sites which spread itself like a more malicious or traditional virus.. Why not? Every other method has been tried to get people to click on them and it’s a thin week when I don’t get five emails which could be printed out on small cards and stuck in the walls of a London telephone booth. The online porn industry is incredibly competitive and — a little like the real one — profoundly threatened by new entrants who give their goods away. This means that the traditional way to make money, by enticing viewers into handing over their credit card numbers to subscribe to restricted sites, is no longer very effective.

Indeed Melissa purported to carry a list of passwords that would enable you to get into these sites without paying — circulating such lists is another well-known trick because the apparently hacked sites actually rely for their income on advertising, which pays, in the ruthless web model, only when someone actually looks at the page on which the advertisement is found. Why not simply advertise these sites? Because customers are apparently more likely to look at a site if they believe they have cheated to get into it. A moralist might have some fun with that marketing model.

As I seem to be the only person in the known universe who did not receive a copy of the virus, I cannot say what sort of porn was being advertised. But it would be surprising if among the eighty or so sites there were not one or two which looked interesting and I would love to know what happened to their page view figures in the week when Melissa was running round the world. So we can expect to see similar viruses running around the world now that a commercial use has been found for the technique.

Until almost everyone deletes, unread, any Microsoft documents they are sent by a stranger, this method of virus spamming will continue to thrive. And that brings out the second seldom-mentioned fact about Melissa. It is a Microsoft problem. It spreads not solely because Microsoft’s products are so widespread and successful that they provide the largest field of opportunity for any virus writer, but also because they are uniquely hospitable to virus writers. The programming language built into Microsoft’s programs like Word has grown steadily more powerful until it now allows a skilled programmer to do almost anything to Windows. In the process it has grown almost completely incomprehensible to someone of my level of skill.

I remember spending an entire day trying to write a macro that would do something pathetically obvious, like showing me in the middle of the screen a list of all the files I had open. On the other hand I was able without too much trouble to find all the quotations in a book manuscript and count the words in them for copyright purposes.

This involved passing the results over to a spreadsheet and massaging them there. But that’s all right. Microsoft’s spreadsheet can be completely manipulated from inside Word, and this can happen without any outward sign to the person reading the document which is doing it. This has legitimate uses. It’s great for filling out expenses forms I large bureaucracies. But it is also hideously insecure. Word macros can manipulate Microsoft’s email program, too, which is how the Melissa virus got spread. Now I don’t use Microsoft’s email program, but it was still installed automatically with the programs that I do use. And if you use it even once, it automatically reads in the address books from all the other email programs you have and stores a copy for its own use. That saves time, and makes it more likely that beginners will go on using the program, It also makes it possible for Macro viruses to find a list of people to send themselves to, as Melissa did.

All this may be scaremongering. But the source code for Melissa is widely available on the Internet. There have been a few small errors introduced into the published version, but they are, I’m told, easy to spot if you understand the language. And there is some evidence that people have not yet learnt to be careful. One man I know sent out fifty emails three days into the Melissa scare which were all headed "an important message from … :-)" exactly as they would have been if he had caught the virus; all the messages had Microsoft Word documents attached to them. Almost every one of his recipients opened them. I think I’ll send this story as plain text.


Front Cuts Book Back

This stuff written and copyright Andrew Brown. If the page looks bad, that's my fault, unless you're using Netscape 4.x. Then it's yours. Upgrade, and do yourself a favour.