A new macro virus based on the infamous Melissa has been released into the
wild, and it may be the latest phase in an infowar between hackers and a
security consultant.
According to virus experts, the so-called Papa virus is transmitted in the
same manner as Melissa, sending copies of itself to addresses in a victim’s
Microsoft Outlook address book.
But while Melissa seemed designed to snarl up computer networks everywhere,
Papa targets a specific person, Fred Cohen, a security consultant in
Livermore, Calif.
The virus, which is transmitted by e-mail in a Microsoft Excel file named path.xls, attempts to launch a ping flood on Cohen’s web site at all.net, as well as on the IP address of Cohen’s connection to the @Home Network cable Internet access service.
Cohen was among the first in the security community to publicize information about Caligula, a macro virus capable of stealing a victim’s PGP private keyring. PGP is a popular encryption software package.
In a posting to a security mailing list last month, Cohen called on the Internet community to attack the web site of the Codebreakers, a virus writer’s group to which Caligula’s author belongs.
Cohen Tuesday confirmed the Papa virus is some sort of retaliation for
his actions. But Cohen said there’s been collateral damage to innocent
Internet users, including severe performance degradation to the @Home Network.
“It’s not an eye for an eye. They’re causing damage to the infrastructure
and inconvenience to people who get the virus. If they pester me, I don’t
care and nobody else cares. But if they take down the infrastructure,
they’ll go to jail.”
@Home Network representatives were not available to confirm whether the
attack on Cohen’s IP address has impacted performance of the network.
Many antivirus software vendors have already released updates to detect and
clean Papa. Keith Peer, president of Central Command, distributor of
AntiViral ToolKit Pro said Papa is already spreading
fast. His firm is receiving dozens of reports every hour.