Mechanical Music Digest  Archives
You Are Not Logged In Login/Get New Account
Please Log In. Accounts are free!
Logged In users are granted additional features including a more current version of the Archives and a simplified process for submitting articles.
Home Archives Calendar Gallery Store Links Info

End-of-Year Fundraising Drive In Progress. Please visit our home page to see this and other announcements: https://www.mmdigest.com     Thank you. --Jody

MMD > Archives > March 1999 > 1999.03.28 > 01Prev  Next


Melissa AutoSpam Virus Affects Microsoft Word 97
By Jody Kravitz

Over the years I've received many inquiries from subscribers about the
validity of various virus alerts.  Most of them are hoaxes.  This one
is not.  The Melissa (AKA Kwyjibo) virus was first reported to the
Computer Emergency Response Team (CERT) at Carnegie Mellon University
at 2:00 PM GMT-5 on Friday March 26 1999.

This virus became front page news in San Diego by infecting the
computers at the San Diego Union Tribune newspaper.

Quoting from the Computer Emergency Response Team:

 - - - begin quote - - -

The Melissa macro virus propagates in the form of an email message
containing an infected Word document as an attachment.  The transport
message has most frequently been reported to contain the following
Subject header

    Subject: Important Message From <name>

Where <name> is the full name of the user sending the message.

The body of the message is a multipart MIME message containing two
sections. The first section of the message (Content-Type: text/plain)
contains the following text.

    Here is that document you asked for ... don't show anyone else ;-)

The next section (Content-Type: application/msword) was initially
reported to be a document called "list.doc". This document contains
references to pornographic web sites. As this macro virus spreads we
are likely to see documents with other names. In fact, under certain
conditions the virus may generate attachments with documents created
by the victim.

When a user opens an infected .doc file with Microsoft Word97 or
Word2000, the macro virus is immediately executed if macros are
enabled.

Upon execution, the virus first lowers the macro security settings to
permit all macros to run when documents are opened in the future.
Therefore, the user will not be notified when the virus is executed in
the future.

 - - - end quote - - -

As usual, the basic safety advice is "Don't execute (open) the attachment"
even though it seems to come from someone you know.

Additional information may be had via the following URLs:

CERT:       http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html
AP:         http://www.techserver.com/noframes/story/0,2294,32200-51845-384935-0,00.html
ZD:         http://www.zdnet.com/zdnn/stories/news/0,4586,2233030,00.html
CNET:       http://www.news.com/News/Item/0,4,34334,00.html
Infoworld:  http://www.infoworld.com/cgi-bin/displayStory.pl?990326.wcvirus.htm
McAfee:     http://vil.mcafee.com/vil/vm10120.asp
Avertlabs:  http://www.avertlabs.com/public/datafiles/valerts/vinfo/melissa.asp
Microsoft:  http://www.microsoft.com/security/bulletins/ms99-002.asp

Good Luck!
Jody


(Message sent Mon 29 Mar 1999, 01:59:24 GMT, from time zone GMT-0800.)

Key Words in Subject:  97, Affects, AutoSpam, Melissa, Microsoft, Virus, Word

Home    Archives    Calendar    Gallery    Store    Links    Info   


Enter text below to search the MMD Website with Google



CONTACT FORM: Click HERE to write to the editor, or to post a message about Mechanical Musical Instruments to the MMD

Unless otherwise noted, all opinions are those of the individual authors and may not represent those of the editors. Compilation copyright 1995-2024 by Jody Kravitz.

Please read our Republication Policy before copying information from or creating links to this web site.

Click HERE to contact the webmaster regarding problems with the website.

Please support publication of the MMD by donating online

Please Support Publication of the MMD with your Generous Donation

Pay via PayPal

No PayPal account required

                                     
Translate This Page