Definition

Melissa virus

Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books. While it does not destroy files or other resources, Melissa has the potential to disable corporate and other mail servers as the ripple of e-mail distribution becomes a much larger wave. On Friday, March 26, 1999, Melissa caused the Microsoft Corporation to shut down incoming e-mail. Intel and other companies also reported being affected. The U. S. Department of Defense-funded Computer Emergency Response Team (CERT) issued a warning about the virus and developed a fix.

How Melissa Works

Melissa arrives in an attachment to an e-mail note with the subject line "Important Message from ]the name of someone[," and body text that reads "Here is that document you asked for...don't show anyone else ;-)". The attachment is often named LIST.DOC. If the recipient clicks on or otherwise opens the attachment, the infecting file is read to computer storage. The file itself originated in an Internet alt.sex newsgroup and contains a list of passwords for various Web sites that require memberships. The file also contains a Visual Basic script that copies the virus-infected file into the normal.dot template file used by Word for custom settings and default macros. It also creates this entry in the Windows registry:

HKEY_CURRENT_USERSoftwareMicrosoftOffice"Melissa?"="...by Kwyjibo"

The virus then creates an Outlook object using the Visual Basic code, reads the first 50 names in each Outlook Global Address Book, and sends each the same e-mail note with virus attachment that caused this particular infection. The virus only works with Outlook, not Outlook Express.

In a small percentage of cases (when the day of the month equals the minute value), a payload of text is written at the current cursor position that says:

"Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here."

The quote refers to the game of Scrabble and is taken from a Bart Simpson cartoon.

The virus also disables some security safeguards. These are described by CERT and the anti-virus software sites.

How to Avoid Melissa

Avoiding Melissa does not mean you can't read your e-mail - only that you have to screen your notes and be careful about what attachments you open.

If you get an e-mail note with the subject, "Important Message from [the name of someone]," and it has an e-mail attachment (usually a 40 kilobyte document named LIST.DOC), simply DO NOT OPEN (for example, do not click on) the attachment. Write down the e-mail address of the person it came from. Delete the message. Then send a note to the sender so that they know that their computer has been infected.

As a rule, viruses are named by antivirus companies, who avoid using proper names. The Melissa virus was named by its creator, David Smith, for a Miami stripper.

This was last updated in April 2005
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: