Revamped Melissa requires antivirus update

by Lincoln Spector
Be the first to comment | I like it!
More »
on this topic
January 23, 2001, 03:58 PM —  Network World — 

Remember Melissa? It's been almost two years since that infamous worm swept through the world's e-mail servers, spreading faster than any virus ever had before. Now a new variant of Melissa threatens to get past the defenses designed to protect us from the original.

Reports of the new strain, Melissa.W, started appearing midweek, mainly in Europe. By Thursday afternoon the Symantec Corp. Antivirus Research Center had upgraded the variant's severity rating to Category 4 (Severe).

Not surprisingly, the major antivirus companies are rushing to get out their solutions. Most of the first fixes will likely be definitions specific to Melissa.W. Some products can identify the new strain of the virus without yet repairing it.

The definition will also be part of McAfee.com Corp.'s next weekly update, due to become available on January 24. Symantec expects to have a fix available on Friday.

Subject Lines to Watch For

In most ways, the new Melissa acts pretty much like the old one. The macro-based worm comes alive when you open an infected Word file, spreading to other documents and mailing itself as an attachment to the first 50 listings in your Microsoft Outlook address book. If one of the recipients opens the attachment, the cycle starts all over again.

How do you defend yourself against the new Melissa?

"The best defense is education," says Kevin Haley, group product manager for Norton AntiVirus. If you can recognize the virus, you can catch it.

If you receive an e-mail message with a subject line that begins with "Important message from," be afraid.

If the body of the e-mail message itself (and yes, you can safely open the message) tells you that "Here is that document you asked for ... don't show anyone else ;-)," be very afraid.

In fact, if you get such a message, delete it and notify the poor slob who accidentally sent it to you. And whatever you do, don't open the attached file.

Not everyone who gets the virus will spread it. If you don't open the document, you'll never get infected. And if you're not using Outlook, you won't mass-mail the virus to others, although you can still spread it by sharing Word files.

On the other hand, a lot of people use Outlook, especially in offices (Melissa can't mass-mail through the similarly-named Outlook Express program). If enough people open their attachments within a company that is standardized on Outlook, the mass of extra e-mail can overload the server.

Meeting the Mac

Melissa.W has actually been around almost as long as the original. Like all variants of Melissa, the virus is a Microsoft Word macro that spreads itself far and wide by e-mailing infected files through Microsoft Outlook. And also like all Melissa variants, antivirus programs were catching and neutralizing it with ease.

That is, until it met Microsoft Word 2001 for the Macintosh.

The version of Melissa.W currently making the rounds is a Word 2001 file, something the antivirus programs aren't ready to handle.

"The [antivirus software] engine has to understand the file format to detect a virus," says Vincent Gullotto, director of Network Associates' McAfee Antivirus Emergency Response Team.

So what transformed the virus?

"We don't know," admits Symantec's Haley.

Someone saved an infected file on a Mac-converting the file format and changing the nature of the virus-and then e-mailed it to a PC user.

"It could have been malicious, or it may have simply been someone sending a file," he says.

» posted by ITworld staff

Network World

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
Free books

Build your tech library with our book giveaways.

Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams

Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!

 

Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media

Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!

Featured Sponsor
Case Study: AISO grows its "green" business

AISO founders envisioned a Web hosting company that was environmentally friendly. While the company employed energy-efficient innovations like solar panels, its infrastructure produced unacceptable power and cooling requirements. Find out how AISO leveraged AMD technology to overcome their challenge in this case study white paper.

Download this white paper »
Myth of the Million Dollar Database

In this whitepaper, Scalar explores the opportunity to change the landscape with respect to mission critical databases built around Oracle. Leveraging technologies such as Linux, high-end commodity processing power and Oracle RAC technology to architect, design, build and maintain database infrastructure that delivers maximum availability, reliability and performance at a fraction of traditional cost.

Download this white paper »
Success Story: Weather.com handles whatever nature serves up

On a typical day, weather.com, the Web site for The Weather Channel in Atlanta, serves up between 15 million and 20 million page views. But in September 2004, when back-to-back hurricanes ransacked Florida, the peak traffic on one day more than tripled: over 70 million page views by more than 7 million unique visitors. Read the full success story now.

Download this white paper »
More Resources