N.J. man charged in computer virus

Melissa bug preys on e-mail systems around the world

April 03, 1999|By Mark Ribbing and Michael Stroh | Mark Ribbing and Michael Stroh,SUN STAFF

State and federal officials in New Jersey said yesterday that they have found the Melissa computer virus' creator: a 30-year-old computer programmer who purportedly named the glitch after a topless dancer in Florida.

The suspect, David L. Smith of Aberdeen Township, N.J., was arrested by state police Thursday night at his brother's house in nearby Eatontown.

Since its emergence March 26, the Melissa virus has attacked e-mail systems around the world. Melissa propagates itself whenever a user opens an e-mail message containing an infected document. The virus sends an e-mail to the first 50 entries on the user's electronic address list, putting e-mail systems at risk of overload.

Some major companies, including Lockheed Martin Corp. in Bethesda, severely restrictedemployees' e-mail usage after the virus struck.

"We view any kind of virus or intrusion like [Melissa] as a very serious threat to security in terms of the nation's infrastructure on all levels," said William R. Evanina, a special agent in the FBI's Newark, N.J., office.

Numerous charges

Smith was charged with numerous state offenses, including interruption of public communication, theft of computer service, and damage or wrongful access to computer systems.

If convicted, he faces up to 40 years in prison and $480,000 in fines.

Smith was held briefly at Monmouth County Jail but was released yesterday morning on $100,000 bail. Authorities have not yet set a date to take the case to a grand jury.

"The individual arrested is presumed innocent until proven guilty but clearly, we believe we have the person responsible for Melissa," said New Jersey Attorney General Peter Verniero.

The trail that led to Smith's capture was littered with enough false leads and dead ends to fill an Agatha Christie novel.

Investigators began with few clues: The message containing the Melissa virus was first discovered on the online newsgroup "alt.sex" and was posted through America Online Inc. by someone using the handle "SkyRoket."

Researchers at Phar Lap Software in Cambridge, Mass., dissected Melissa and discovered a numeric "fingerprint" embedded inside the virus called the Global Unique Identifier, or GUID. It is a serial number contained in some Microsoft Corp. software.

By comparing the GUID buried in Melissa to those contained in other viruses, the Phar Lap team concluded the most likely candidate was a virus writer known as VicodinES.

Following the trail

Federal investigators and journalists traced the SkyRoket account to the doorstep of Steve Steinmetz, a civil engineer in Lynnwood, Wash. Steinmetz told the FBI he had never heard of VicodinES, had nothing to do with the Melissa episode and vowed to drop his AOL account.

Then the trail branched off in strange directions.

Some computer experts started to cast doubt on the VicodinES theory. It turned out that the GUID serial number identifies the original creator of a document but not those who later modify it.

Since computer virus writers often borrow heavily from one another's work, that meant the GUID code could have rubbed off on several viruses. And by midweek some virus experts said the evidence inside Melissa pointed not to VicodinES but to another well-known virus writer.

"Tracing a computer virus back to the writer is just as hard as tracing a biological virus back to the person who got infected. There are very few clues," said Steve R. White, an authority on computer viruses at IBM's Thomas J. Watson Research Center in Yorktown Heights, N.Y.

Tip from AOL

America Online alerted New Jersey officials and the FBI Tuesday that the virus might have originated in Monmouth County. Authorities focused their search on Smith after reviewing AOL's information and tracing records of phone-line Internet transmissions.

Federal and state law enforcement officials searched Smith's apartment Thursday afternoon and found computer records allegedly linking him to the virus. They then got a warrant for Smith's arrest from a Monmouth County Superior Court judge.

The state attorney general's office said Smith was "definitely not" VicodinES, but also said investigators believe he took two viruses -- one of which came from VicodinES -- and combined them with another virus to create Melissa.

State officials said yesterday that Smith had done programming work for AT&T Corp. as a subcontractor, but they said they did not yet know what company, if any, is or was his direct employer.

"The investigation is still alive," said Paul Loriquet, a spokesman for the New Jersey attorney general's office.

That office said yesterday that Smith used to live in Florida, and that a dancer there served as the source of the name for the virus. Later, the office said it would neither confirm nor deny this.

Whether or not the creator of the Melissa virus has been caught, computer industry experts say, infestations like Melissa may be with us to stay.

"I think the lesson is that this is a new chapter in the history of computer viruses," said IBM's White.

"It's been possible to write these fast-spreading viruses for a long time and now somebody has. The Pandora's box is open."

The Associated Press contributed to this article.

Pub Date: 4/03/99

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.