Melissa: She's Baaaack!

A new strain of the Melissa macro virus is out there,
making the rounds the same way it did when it clobbered computer
systems worldwide nearly two years ago.

Except this time, the Melissa remake was hatched from a Macintosh,
said Patrick Martin, an anti-virus response manager with Internet security
provider Symantec, warning Mac and PC users to delete questionable
e-mails and maintain an up-to-date anti-virus product.

"The fact that we're getting Mac files that are infected with this worm is
kind of unusual," Martin told Newsbytes tonight.

A Microsoft Mac Office 2001 user saved a Melissa-infected file, then
e-mailed it to an MS Word 97 user. As soon as the recipient opened the
document, it sent itself to 50 other Microsoft Outlook users whose
addresses were plundered from the program's address book.

The ensuing blizzard of e-mails can jam servers, modify MS Word settings,
infect documents and templates and may e-mail sensitive documents,
Symantec said.

The invading e-mail messages carry a subject line that reads, "Important
Message From (Application.UserName)" with text saying, "Here is that
document you asked for ... don't show anyone else ;-)." The attachment
name is Anniv.DOC.

Martin said the new variant of Melissa, which was discovered in the past
day, bears two lines of source code that are different from the
original Melissa. It is believed to be the first time such a virus has been
created in a Mac, he said.

If a user does not have Outlook, the bug will not be able to e-mail itself
but could conceivably replicate itself and infect other documents on
a system.

Symantec has assigned the new strain, which it is calling Melissa.W,
a level 4 alert on a scale of 5, Martin said.

"It's kind of high only because it's Melissa," Martin said. "We think it's
actually going to be pretty well contained. We don't want people
to panic, but we'd rather be safe than sorry."

The active infected document is attached and the e-mail is sent, delivering
a list of pornographic Web sites to unsuspecting recipients, Net security
services provider McAfee said in a warning on its site.

"Opening infected documents will directly infect the local Word
environment and any document used thereafter," McAfee said.

A second payload unleashes once per hour at the number of minutes
past the hour corresponding to the date, Symantec said. If an infected
document is opened or closed at the appropriate minute, a sentence bearing
vague references to the game of Scrabble is inserted into the document:
"Twenty-two points, plus triple-word-score, plus fifty points for using
all my letters. Game's over. I'm outta here."

In 1999 the original Melissa virus caused an estimated $80 million in
damage to computers and systems worldwide. It attacked thousands of e-mail
systems using the subject line "important message," spreading the
infection around the world chain-letter style.

Its creator, David L. Smith, was arrested and pleaded guilty to state
and federal charges. Authorities said Smith named the virus after a topless
dancer.


© 1998-2024 BetaNews, Inc. All Rights Reserved.