'Melissa' Virus Hits Internet, May Cause Havoc Monday
By Dick Satran
SAN FRANCISCO (March 28) - A virus that spreads a list of pornography sites
via e-mail hit computers over the weekend and threatened havoc Monday as
workers return to offices and begin opening messages sent over the Internet.
The virus, called ''Melissa,'' comes in the form of a document that lists
pornography sites on the World Wide Web.
Computer experts said the virus was aimed at widely used Microsoft Windows-
based e-mail address book software, Outlook and Outlook Express, and it can
send up to 50 additional versions of the e-mail to other users, threatening a
widespread infection of computer systems.
That could create a flood of unwanted e-mails around the Internet as the
program perpetuates itself using pre-programmed ''macros,'' software embedded
in the Windows operating system that sets off complex computer functions with
''It could grow explosively and shut down e-mail systems as a side effect,''
Eric Allman, co-founder of the Emeryville, Calif.-based Sendmail, a widely
used provider of e-mail services, said in an interview Sunday.
A number of leading software security firms and academic experts posted
warnings about the e-mail threat, including Network Associates, the leading
anti-virus software maker.
''Melissa is widely reported and spreading quickly via mass e-mail, a function
of the viral infection,'' said Network Associates based in Santa Clara, Calif.
Carnegie Mellon University's Software Engineering Institute issued an
advisory, which said, ''The number and variety of reports we have received
indicate that this is a widespread attack affecting a variety of sites.''
The only damage the virus causes is that it replicates itself and creates a
flood of e-mail, though it apparently does not hurt the computer itself,
The real danger is that the virus will overwhelm the server computers that
handle computer messaging systems, which could lead to system shutdowns as
each e-mail multiplies itself 50 times. Already, a wave of the e-mails has
been sent out and awaits office workers Monday morning.
''It's not doing malicious things or removing files or anything like that,''
Allman said. ''I've heard claims that it has been doing more but I haven't
seen any substantial verification of that. It's really more of a wake-up call,
that shows us how you could take a malicious virulent virus and reproduce it
all over the place very quickly.''
Computer experts warned users to be wary of documents sent from any senders
asking them to open up a file for Microsoft Word. That file, in turn, asks for
a prompt asking users whether they want to initiate a ''macro,'' and requires
users to approve its use. Those checkoffs make it relatively easy to avoid the
Microsoft itself has simply warned users to ''be careful about what runs on
their machine,'' the New York Times reported. Carnegie Mellon said, ''our
analysis indicates that human action (in the form of a user opening an
infected Word document) is required for this virus to activate.''
The virus can be identified, Network Associates said, because it will read
''Important Message From Application.UserName.'' The body of the text reads
''Here is that document you asked for ... don't show anyone else'' and
contains a list of pornographic Web sites.
Melissa creates the following entry in the registry:
Network Security said that to avoid the risk of contracting the Melissa virus,
''it is recommended that network administrators and users upgrade their anti-
virus software to include detection and cleaning for W97M/Melissa.''
Network Security posted information about the virus on its the Web site of its
Avert Labs division (http://www.avertlabs.com), Sendmail also posted advice on
the Melissa problem at http://www.sendmail.com and Carnegie Mellon posted
information on its site as well (http://www.cert.org).
Computer experts said that if advisories were followed, the problem would
probably not become a widespread worry.
''I suspect we'll see a day or two of extremely high e-mail loads and then it
will just die out, so in some sense this virus is not that critical but it's
one what demonstrates what could happen if a truly malicious virus were
released,'' Sendmail's Allman said. ''The ability to spread something so
broadly is scary.''
Copyright 1999 Reuters Limited. All rights reserved. Republication or
redistribution of Reuters content, including by framing or similar means, is
expressly prohibited without the prior written consent of Reuters. Reuters
shall not e liable for any errors or delays in the content, or for any actions
taken in reliance thereon. All active hyperlinks have been inserted by AOL.
This is an automatically-generated notice. If you'd like to be removed
from the mailing list, please visit the Medicine-On-Line Discussion Forum
at <http://www.meds.com/con_faq.html>, or send an email message to:
with the subject line blank and the body of the message containing the line:
unsubscribe mol-cancer your-email-address
where the phrase your-email-address is replaced with your actual email