Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books. While it does not destroy files or other resources, Melissa has the potential to disable corporate and other mail servers as the ripple of e-mail distribution becomes a much larger wave. On Friday, March 26, 1999, Melissa caused the Microsoft Corporation to shut down incoming e-mail. Intel and other companies also reported being affected. The U. S. Department of Defense-funded Computer Emergency Response Team (CERT) issued a warning about the virus and developed a fix.
How Melissa Works
Melissa arrives in an attachment to an e-mail note with the subject line "Important Message from ]the name of someone[," and body text that reads "Here is that document you asked for...don't show anyone else ;-)". The attachment is often named LIST.DOC. If the recipient clicks on or otherwise opens the attachment, the infecting file is read to computer storage. The file itself originated in an Internet alt.sex newsgroup and contains a list of passwords for various Web sites that require memberships. The file also contains a Visual Basic script that copies the virus-infected file into the normal.dot template file used by Word for custom settings and default macros. It also creates this entry in the Windows registry:
The virus then creates an Outlook object using the Visual Basic code, reads the first 50 names in each Outlook Global Address Book, and sends each the same e-mail note with virus attachment that caused this particular infection. The virus only works with Outlook, not Outlook Express.
In a small percentage of cases (when the day of the month equals the minute value), a payload of text is written at the current cursor position that says:
"Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here."
The quote refers to the game of Scrabble and is taken from a Bart Simpson cartoon.
The virus also disables some security safeguards. These are described by CERT and the anti-virus software sites.
How to Avoid Melissa
Avoiding Melissa does not mean you can't read your e-mail - only that you have to screen your notes and be careful about what attachments you open.
If you get an e-mail note with the subject, "Important Message from [the name of someone]," and it has an e-mail attachment (usually a 40 kilobyte document named LIST.DOC), simply DO NOT OPEN (for example, do not click on) the attachment. Write down the e-mail address of the person it came from. Delete the message. Then send a note to the sender so that they know that their computer has been infected.
As a rule, viruses are named by antivirus companies, who avoid using proper names. The Melissa virus was named by its creator, David Smith, for a Miami stripper.
Continue Reading About Melissa virus
- Avert Labs also offers some cures for Melissa and describes combinations of updates to get from their site.
- Users of the sendmail program can get a fix at Sendmail's Web site . The CERT advisory provides Web addresses for other anti-virus software products.
- Jesse Berst's Invasion of the Email Snatchers! provides a nice summing-up and links to other helpful ZDNet pages.
Dig Deeper on Email and messaging threats