 |
|
| Vol. 18, No. 25 | March 25, 1999 |
|
|
|
|
|
| Vol. 18, No. 25 | March 25, 1999 |
|
|
|
Rishi KhanA 19-year-old University of Delaware student, Rishi Khan of Wilmington, Del., was instrumental in unlocking the twisted programming secrets of "Melissa," the most contagious computer virus ever concocted, according to an article in the April 12 issue of Newsweek.
Khan, the son of Eileen and Subhotosh Khan, was cruising the Internet the evening of March 26 when he logged onto an antivirus newsgroup site and spotted a message from cybersleuth Richard Smith, president of Phar Lap Software of Cambridge, Mass.
Smith, with assistance from a Swedish researcher, was investigating similarities between Melissa and other viruses created by a computer vandal using the name, "VicodinES" (a type of narcotic painkiller). On the web, Smith asked fellow coders for help in solving the high-tech whodunnit.
A senior majoring in computer engineering at UD, Khan went straight to work, deciphering Melissa's code and comparing it with various other viruses. Soon, he learned that Melissa was extremely similar to the Shiver virus, created by a vandal known as "ALT-F11."
Meanwhile, because Microsoft programs embed a "digital fingerprint" called a GUID in all the work produced on a particular computer, Richard Smith, on March 28 traced the Melissa virus to a David L. Smith of Aberdeen Township, N.J., whose name he passed along to the Federal Bureau of Investigation.
After America Online's technical team also traced the Melissa virus to David Smith, he was arrested April 1, and now faces up to 40 years in prison and a $480,000 fine. According to one source cited by Newsweek, Smith may have named the Melissa virus after a topless dancer in Florida.
Khan's persistent research made it possible to better understand the Melissa virus, which should prove useful to authorities, Richard Smith told Update.
"He's a very bright kid," the Phar Lap Software executive said. "He obviously knows how to do a lot of stuff with network programming. He solved a lot of things even I didn't see, and I'm 45!"
Khan's research professor at UD, John Elias, an associate professor of electrical and computer engineering, agreed. "He's a remarkable student, one of the best undergraduates that I've seen in my 10 years at UD," Elias, head of the University's Neuromorphic Systems Laboratory. "He has very broad, diverse group of interests."
Identifying Melissa's author was "sort of a race," involving three separate teams of investigators, working in parallel, Richard Smith said. His group of cybersleuths– including Khan– formed one group. The FBI and New Jersey state authorities were the other two, simultaneously searching for a suspect.
Unleashed March 26, Melissa wreaked havoc for computer users for about a week, until antivirus companies distributed a cure.
Described by Newsweek writer Steven Levy as "a silicon social disease," the Melissa virus alerts electronic mail users to "an important message," then delivers a file containing the passwords to pornographic web sites.
At the same time, Melissa grabs the first 50 names from the victim's address book and begins sending the same embarrassing message to friends and colleagues.
The Melissa virus "brought some businesses to a standstill on March 26, but the University was largely unaffected," said Elizabeth Miller of UD's Information Technologies/User Services.
"A couple UD employees did receive the Melissa e-mail, but they weren't using the type of communications software the virus targets, so the message wasn't recirculated," she added.
And, within days, Miller reports, anyone using the susceptible software had received a Melissa repellent, so the campus was secure.
Could the suspect in the Melissa case, David L. Smith, be the notorious computer vandal, VicodinES?
Is he also the hacker, ALT-F11, author of the Shiver virus?
Khan offers this response: "His name comes up a lot in the files that VicodinES wrote, and since America Online did a hardware trace and came up with the same person, that seems to incriminate him as VicodinES. We're still investigating ALT-F11. The Shiver virus, created by ALT-F11, had many similarities to Melissa."
Khan said his primary interest is in artificial intelligence. His research professor, John Elias, said Khan assists him in using integrated circuit technology to build "silicon neurons," which mimic human nervous systems. The work may be useful in developing advanced robotics systems, Elias said.
Khan's father, Subhotosh Khan, is a mechanical engineer. His mother, Eileen Khan, graduated from UD with a degree in computer and information sciences. Her work involves teaching children to use computing technologies, Khan says.
To safeguard computers on campus, Miller said, "Make sure you have antivirus software, and keep it current!" Updating antivirus software is as easy as logging onto the web at <http://www.udel.edu/topics/virus/drsol/>.
Members of the campus community may also call 831-6000, or write to <consult@udel.edu>.
--Ginger Pinholster
