Melissa (computer virus)

(Redirected from Melissa worm)

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

Melissa
Technical name
TypeMacro virus
AuthorsDavid L. Smith
Technical details
PlatformWindows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP[2]

Description

edit

The virus was released on March 26, 1999, by David L. Smith.[3] Smith used a hijacked AOL account to post the virus onto an Internet newsgroup called "alt.sex."[4] It soon ended up on similar sex groups and pornographic sites before spreading to corporate networks. However, the virus itself was credited to Kwyjibo, a macro virus writer for VicodinS and ALT-F11, by comparing Microsoft Word documents with the same globally unique identifier. This method was also used to trace the virus back to Smith.

The "list.doc" file contains a Visual Basic script that copies the infected file into a template file used by Word for custom settings and default macros. If the recipient opens the attachment, the infected file will be read to computer storage. The virus then creates an Outlook object, reads the first 50 names in each Outlook Global Address Book, and sends a copy of itself to the addresses read.[5] Melissa works on Microsoft Word 97, Microsoft Word 2000 and Microsoft Outlook 97 or 98 email clients. Microsoft Outlook is not needed to receive the virus in email, but it is unable to spread via other emails without it.

A second payload occurred when the current minute matches the day when it is being launched, where the quote "Twenty-two points, plus triple-word-score, plus 50 points for using all my letters. Game's over. I'm outta here." is inserted into open Microsoft Word documents. This, and the Kwyjibo alias used in the macro script, both derive from an episode of The Simpsons, Bart the Genius.[6]

Impact

edit

The virus slowed down email systems due to overloading Microsoft Outlook and Microsoft Exchange servers with emails. Major organizations impacted included Microsoft, Intel Corp,[7] and the United States Marine Corps.[8] The Computer Emergency Response Team, a Pentagon-financed security service at Carnegie Mellon University, reported 250 organizations called regarding the virus, indicating at least 100,000 workplace computers were infected, although the number is believed to be higher.[9] An estimated one million email accounts were hijacked by the virus.[10] The virus was able to be contained within a few days, although it took longer to remove it from infected systems entirely. At the time, it was the fastest spreading email worm.[citation needed]

Arrest

edit

On April 1, 1999, Smith was arrested in New Jersey due to a tip from AOL and a collaborative effort involving the FBI, the New Jersey State Police, Monmouth Internet, a Swedish computer scientist, and others. Smith was accused of causing US$80 million worth of damages by disrupting personal computers and computer networks in business and government.[11][12]

On December 10, 1999, Smith pleaded guilty to a second-degree charge of computer theft[13] and a federal charge of damaging a computer program due to releasing the virus.[6]

On May 1, 2002, he was sentenced to 20 months in federal prison and fined USD $5,000.[14][15]

See also

edit

References

edit
  1. ^ "Virus:W32/Melissa Description | F-Secure Labs". www.f-secure.com.
  2. ^ "W97M.Melissa.A". Symantec. Archived from the original on November 10, 2006. Retrieved 9 February 2013.
  3. ^ Poulson. "Justice mysteriously delayed for 'Melissa' author". The Register.
  4. ^ "Melissa Virus". Federal Bureau of Investigation. Retrieved 2022-04-01.
  5. ^ "What is the Melissa Virus?". SearchSecurity. Retrieved 2022-04-06.
  6. ^ a b "Melissa virus creator pleads guilty". BBC. 1999-12-09.
  7. ^ "Melissa virus hits Outlook e-mail - Mar. 29, 1999". money.cnn.com. Retrieved 2022-04-01.
  8. ^ McNamara, Paul (2014-03-25). "Melissa virus turning 15 … (age of the stripper still unknown)". Network World. Retrieved 2022-04-01.
  9. ^ Markoff, John (1999-03-30). "Digital Fingerprints Leave Clues to Creator of Internet Virus". The New York Times. ISSN 0362-4331. Retrieved 2022-04-01.
  10. ^ "Melissa Virus". Federal Bureau of Investigation. Retrieved 2022-04-01.
  11. ^ Tracking Melissa's alter egos, ZDNet, 1999-04-02
  12. ^ "The Melissa Virus: An $80 Million Cyber Crime in 1999 Foreshadowed Modern Threats". Federal Bureau of Investigation. Retrieved 2022-10-24.
  13. ^ Lemos, Robert. "Smith pleads guilty to Melissa virus". ZDNet. Retrieved 2022-04-01.
  14. ^ "Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison" (Press release). U.S. Department of Justice. 2002-05-01. Retrieved 2006-08-30.
  15. ^ "Press Release: Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison (May 1, 2002)". www.justice.gov. Retrieved 2020-01-05.
edit