WebTV hit by Melissa-like bug

WebTV has been hit by a self-replicating bug that is wreaking havoc with the network's message boards and newsgroups, a situation that knocks back the company's claim that it is immune to viruses and security holes.

The problem, which some are calling the "Flood Virus," gets inside the email system of WebTV owners and prompts the WebTV set-top box to litter bulletin board and newsgroup sites on the company's network with redundant junk mail. Like the Melissa virus, the malicious WebTV code sends out the emails under a user's name without their knowledge.

Melissa-type viruses cause damage by clogging email servers of corporations and organizations with illegitimate emails. For WebTV users, the chief problem so far has been in trying to read the intra-network Web sites. Bulletin boards on the WebTV network only show five postings at a time. An outbreak of the Flood Virus therefore makes it very difficult for users to find relevant messages on the board.

Subscribers also face potential embarrassment, as emails under their names are posted to newsgroups without their knowledge.

Microsoft, which owns WebTV, has confirmed the existence of the problem but claims the situation is a hack rather than a virus. The company added that the problem is not widespread.

Whatever the root cause of the problem, the situation is a black eye for the service. One of WebTV's marketing pitches has been that subscribers do not have to worry about rogue viruses on the Internet.

Microsoft also has had a tempestuous relationship with segments of its subscriber base over technological issues in the past. After gaining attention as the first firm to offer Internet service through the television, WebTV has struggled to build its subscriber base and has encountered criticism from users for failing to support standard Web technologies such as Java. The company was acquired by Microsoft in 1997.

WebTV was recently forced to reverse course and remove banner ads from emails viewed and stored on the site in response to a flood of customer complaints. The backlash comes as WebTV faces a looming challenge from Internet service giant America Online, which is set to launch its AOL TV sometime this summer.

The problem was first discovered by Net4TV, which tracks interactive television. Net4TV came up with the Flood Virus name.

"It's absolutely self-replicating. It inserts the virus code into the signature upon opening the email or going to the newsgroup," said Brian Bock, editor in chief at Net4TV.

The general public does not have to worry about the flaw. It can only come in emails from WebTV units, and it only affects other WebTV boxes. In addition, all of the excess mail is currently being directed at newsgroups and bulletin boards on the company's network.

Watch video

The WebTV network is written mainly in HTML, and the company uses HTML shortcuts for certain network features, according to Net4TV. Shortcuts within user's email signature files, the calling card at the bottom of an email message, serve as the entryway for the malicious code. The code manipulates the signature file and then prompts the Web TV unit to post repeatedly to WebTV newsgroups.

WebTV representatives could not confirm this account of how the network is set up. Nonetheless, they acknowledged it exists.

"It's a fundamental flaw in the WebTV architecture," Bock said.

Although WebTV currently counts about 1 million subscribers, Microsoft is marketing portions of the service along with its TV Pak to cable service providers as Microsoft TV. If portions of the WebTV browser are easily susceptible to these types of attacks, Bock said, it does not bode well for Microsoft TV if it is installed on a widespread basis through cable providers.

"It points to a larger problem," he said, calling for an independent security analysis of the WebTV architecture, similar to the one that took place with Microsoft's Hotmail free email service after suffering repeated privacy breaches. "It points to what else may be going on under there."

For its part, WebTV says the problem has only hit a very small number of WebTV Classic users. According to Microsoft, hackers combined two known WebTV hacks: one that inserts malicious code into the user's email signature file, and one that inserts malicious code into postings on the newsgroup itself.

"These two codes were linked together," a representative said, asserting that only 14 of the 594,000 WebTV Classic users have reported being infected with the bug. WebTV had previously created fixes for the two separate problems when they originally surfaced. The company is working on a more comprehensive patch to be released next week.

In the meantime, users should open their signature file to check if any new text or code has been inserted, the WebTV representative said.