The name "Melissa" reminds you of a pretty young lady. However, the Melissa virus, called W97M_Melissa, is far from being a lady or being pretty in any respect.
It all started when the poster "Sky Roket" posted a file containing a list of 80 pornographic sites to the newsgroup "alt.sex" on March 26, 1999. The file had the list of sites and the virus, Melissa.
What does it do?
Infects Word documents (Word 97 & above)
Emails itself using MS Outlook (*not* Outlook Express)
Changes settings to ease infection
Changes settings to avoid detection
How does it work?
Melissa is a macro virus. It infects Word documents in Word 97 and later versions of Word. It works like this:
When the document is opened in Word, it copies itself to the NORMAL.DOT file.
All other documents use NORMAL.DOT and are automatically infected.
The virus code runs every time you open or close a document, as it adds the registry key
HKEY_Current_User/Software/Microsoft/Office/Melissa?
It changes settings of Word to disable macro security features.
It launches MS Outlook and sends an email with the following message to 50 users from the AddressBook:
There is another "game" that the virus plays. It inserts the following text in the infected document if it is opened when the day of the month equals the minute of the hour (day = minute):
"Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
(without italics & quotes)
For example, if the date is April 2, 1999 and you open a document at 12:02pm, the text will be inserted in your document.
A detailed technical description of Melissa can be found at ZDhelp.
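The traces described above (the registry entry, the inserted sentence and the day = minute condition) can be checked with a short script. This is an added example, not code from the original page or from any antivirus vendor: it assumes the registry was saved to text with `reg export`, treats "Melissa?" as either a value or a subkey under the Office key, and runs on constructed sample inputs.

```python
import re
from datetime import datetime

# Indicators quoted in the article above.
OFFICE_KEY = r"hkey_current_user\software\microsoft\office"
MARKER = "melissa?"
PAYLOAD = ("Twenty-two points, plus triple-word-score, plus fifty points "
           "for using all my letters. Game's over. I'm outta here.")

def parse_reg_export(text):
    """Parse decoded `reg export` text into {key_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def has_registry_marker(reg_text):
    """True if "Melissa?" sits under the Office key, as a value or as a subkey."""
    keys = parse_reg_export(reg_text)
    return MARKER in keys.get(OFFICE_KEY, {}) or OFFICE_KEY + "\\" + MARKER in keys

def _norm(s):
    return re.sub(r"\s+", " ", s.replace("\u2019", "'")).lower()

def has_payload_text(doc_text):
    """True if the inserted sentence appears; tolerates re-wrapping and curly apostrophes."""
    return _norm(PAYLOAD) in _norm(doc_text)

def in_payload_window(opened_at):
    """The trigger described above: day of the month equals minute of the hour."""
    return opened_at.day == opened_at.minute

# Constructed sample inputs (not real captures); the value data is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office]
"Melissa?"="constructed placeholder"
'''
SAMPLE_DOC = ("Meeting notes\nTwenty-two points, plus triple-word-score, plus fifty\n"
              "points for using all my letters. Game\u2019s over. I\u2019m outta here.\n")

if __name__ == "__main__":
    print(has_registry_marker(SAMPLE_REG), has_payload_text(SAMPLE_DOC),
          in_payload_window(datetime(1999, 4, 2, 12, 2)))
```

Files written by `reg export` are normally UTF-16, so decode them before passing the text in.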
Do I have it?
The simplest way to check is to use House Call by Trend Micro. House Call is a free service that scans your hard drive online and gives you the option to clean the virus too. It takes a considerable amount of time to load and scan, though.
Other sites are:
Frisk Software's F-PROT
Network Associates' VirusScan
Symantec Norton Anti-Virus
TrendMicro
Who gained?
Melissa is spreading like a chain reaction all across the Internet. It
seems more than likely that it is the result of a well-planned effort
for some material benefit.
The major gainers due to Melissa are:
The 80 pornographic sites included in the list. Their sites have been promoted all throughout the world, for free? There is parallel advertising on such illegal sites which pays, most times, more than on "legal" sites.
AntiVirus software manufacturers, in terms of bumper sales and increased stock value.
Media sites such as CNET, ZDnet, CNBC, etc., in terms of increased hits.
Coastline.com, for quickly pouncing upon the opportunity and registering MelissaVirus.com on March 29, 1999 (3 days after introduction).
Virus writers, in terms of free "publicity" and the feeling of being a "crusader" against peace and ease of computing.
Who did it?
The major suspect is Sky Rocket - Scott Steinmetz, a Civil Engineer,
whose AOL account was used to post the virus. He has, obviously, denied
any knowledge of hacking or anything to do with Melissa. Apart from
Melissa, his account had been used for spreading some other viruses in
the past.
Consolidated research using the Global Unique Identifier, or GUID, points in the direction of VicodinES, who has a background of writing viruses. Roger Sibert, the systems administrator for Source of Kaos (site taken down), has said that VicodinES has "gone into retirement." It is interesting that VicodinES wrote an article on computer virus distribution just before going into "exile". Did he "go into retirement" to write Melissa? No one knows for sure. ZDNet has a discussion by Jim Louderback on the legal aspects of the case.
It could be either Scott, VicodinES, or someone else. It seems unlikely that Scott would have written such an "intelligent" virus as Melissa and sent it from his own ID. VicodinES or someone else who has written the virus might have been caught unawares by the GUID.
The FBI has entered the fray with the closing of SourceOfKaos.com and Codebreakers.org and is hot on the trail of VicodinES. It is time that they actually did something about the "freedom" to do anything on the Internet and get away with it.
Updated news:
The creator of Melissa, identified as David L. Smith, was arrested in New Jersey and faces several charges including interruption of public communications and third-degree theft of computer services. The charges carry a maximum penalty of 40 years in prison and a $480,000 fine. The key to cracking the case was the information provided by AOL. The GUID investigation did not play an important role. David has been released on bail of $100,000. Melissa is named after a topless dancer from Florida.
The reaction to his arrest has been diverse. The major sufferers, the system administrators, ISPs, etc., demand stringent punishment, while others are less strict about it. Like always, someone has conveniently blamed it on Microsoft.
What's the impact?
More and more viruses are being made on the lines of Melissa - 'Papa', 'Mad Cow' & 'Syndicate' are the major ones identified. A combination with "products" such as Back Orifice, NetBus, etc. will be totally disastrous.
David Berlind from PC Week has tried to estimate what Melissa might cost society. Although it is difficult to quantify, it might be not less than a few billion dollars.
Where can I know more?
The best place to visit for more information about Melissa is MelissaVirus.com. It links to all the news, views, articles and the latest information.