Melissa's long gone, but lessons remain

(continued from previous page)

most common types of executable files. The list of blocked file types has grown to about 70 and includes Word documents, screensaver attachments and Active Server Pages.

Microsoft had previously introduced digitally signed macros for its Office documents, as a way to combat macro viruses. But only after the Melissa onslaught was the feature really used.

Those defensive measures and the higher efficiency of binary viruses like AnnaKournikova, which use executable programs rather than application features to reproduce, helped knock back macro viruses. In lists of top 10 infectors, the number of such viruses fell quickly from five in 1999 to two in 2001. Since 2002, macro viruses have not been a significant viral threat.

On the other side of the equation, Melissa also held a lesson for virus writers. The electronic trail left by David L. Smith, author of the malicious code, spawned a worldwide manhunt. Smith's mistakes, including dialing up from his home to a stolen America Online account to post the virus in newsgroups, eventually led authorities directly to the New Jersey resident. The Melissa writer served 19 months of a 20-month sentence and was released in December 2004.

The successful prosecution is responsible for stopping a lot of virus writing activity in the United States, security consultant Richard Smith said. "I think for Americans, it caused them to think twice about writing viruses," he said.

Yet that success is largely the exception, not the rule, for such investigations. While some high-profile cases--such as the arrest of MafiaBoy for several denial-of-service attacks and the arrest of the self-confessed author of the Sasser worm--could be held up as warnings, most cybercrimes go unpunished. Even with the creation of a bounty by Microsoft on the larger incidents, and the success of that program in drawing out a solid lead to Sasser's author, arrest rates are low.

In many ways, Melissa may represent an age of innocence for viruses, when the criminals were easy to catch and the viruses were easy to stop. As virus writers target new areas and organized crime enters the picture, the future starts to look darker and more tech noir.