Until now, we have seen the anatomy of a computer virus, its modus operandi and its symptoms. To complete this series, I am going to discuss a few of the most deadly virus species. These may not be the latest in the offering, but they are important study material because they are the source of inspiration for new variants. First on this list is Melissa.
Also known as WM97, Melissa made its first appearance in late 1998. By nature, it is a macro virus. Targeted specifically at Microsoft Word 97/2000, it is supposed to be the first in-the-wild virus that accelerates its spread via email.
If you have Microsoft Outlook 98 installed (the latest variants are also known to work with Outlook Express 5), the virus will send itself to the first 50 names in your address book.
The message sent by the original Melissa variant contains this subject:
Important Message From xxxxx
(Here "xxxxx" is the name of the sender, who is most likely someone you know and who is probably unaware of being infected.) This is not the only subject of the infected mail you may receive. Different Melissa variants have their own subjects. Try to recognize the pattern of the subject rather than the subject itself.
This e-mail is accompanied by an attachment, List.doc (the name may also be different). It may contain sultry pornographic material. When this file is opened, Melissa lowers the computer's security levels and permits the use of all macros without warning.
The virus sets the registry key:
to a value of "... by Kwyjibo" and emails copies of itself to the first 50 people in your address book, if the above key is not already present. The virus will infect the default template file and all newly created documents on the infected system, so all Word documents created henceforth will be infected. If the minute of the hour matches the day of the month, the virus will insert the following message into the current document:
"Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here."
The damage caused by this virus is variant dependent. Some variants are known to damage data and corrupt files. Since this is an old virus, all the latest anti-virus software readily detects it. This holds only if you have a virus scanner running all the time. If not, take the following precautions.
Scan all emails with attachments.
Never open any executable attachments unless you have specifically requested the file. (MS Office files, such as MS Word documents and Excel spreadsheets, can contain programs that are automatically executed when you open these files.)
Whenever you run a new program for the first time, run an integrity check to make sure that nothing changed on your PC that shouldn't be. This will help protect against threats like Happy99 and Melissa but will also prevent damage from poorly designed or buggy programs.
Unless you absolutely need to use macros, disable them. (This applies to any program that is foolish enough to have macros that can be executed automatically without the user being aware, but the threat is greatest with MS Word and MS Excel.)
Note: In MS Word 2000, make sure your security setting is set to "high" (click on Tools/Macro/Security). This will give a warning before executing any document with a macro.
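The advice above to scan every mail with an attachment and to recognize the pattern of the subject can be turned into a small mail triage check. This is an added example, not code from the original article; the function names, the verdict labels and the choice of .doc/.dot as the Word extensions are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Subject shape from the article: "Important Message From <sender name>".
SUBJECT_RE = re.compile(r"^\s*important message from\s+\S", re.IGNORECASE)
# Assumption: only .doc/.dot files are treated as macro-capable Word files.
WORD_EXTS = (".doc", ".dot")


def word_attachments(msg):
    """Return the filenames of attached Word documents or templates."""
    names = [part.get_filename() for part in msg.walk()]
    return [n for n in names if n and n.lower().endswith(WORD_EXTS)]


def triage(raw):
    """Return a verdict for one raw message: quarantine, scan or pass."""
    msg = message_from_string(raw)
    docs = word_attachments(msg)
    subject_hit = bool(SUBJECT_RE.match(msg.get("Subject", "")))
    if subject_hit and docs:
        verdict = "quarantine"   # known subject shape plus a Word file
    elif docs:
        verdict = "scan"         # variants change the subject, so still scan
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit, "attachments": docs}


def sample(subject, filename=None):
    """Build a constructed message for the demo (not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content("Constructed body text.")
    if filename:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, name in [("Important Message From Alice", "List.doc"),
                       ("Meeting notes", "agenda.DOC"),
                       ("Important Message From Bob", None),
                       ("Holiday photo", "beach.jpg")]:
        print(subj, "->", triage(sample(subj, name)))
```

A subject match alone is not treated as proof, because variants use other subjects; any Word attachment is still handed to the scanner.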
Next time, we'll take a look at the I Love You virus, which created headlines and is the most damage-causing virus of 2000.