Melissa is a fast-spreading macro virus that is distributed as an e-mail attachment that, when opened, disables a number of safeguards in Word 97 or Word 2000, and, if the user has the Microsoft Outlook e-mail program, causes the virus to be resent to the first 50 people in each of the user's address books. While it does not destroy files or other resources, Melissa has the potential to disable corporate and other mail servers as the ripple of e-mail distribution becomes a much larger wave. On Friday, March 26, 1999, Melissa caused the Microsoft Corporation to shut down incoming e-mail. Intel and other companies also reported being affected. The U. S. Department of Defense-funded Computer Emergency Response Team (CERT) issued a warning about the virus and developed a fix.

How Melissa Works

Melissa arrives in an attachment to an e-mail note with the subject line "Important Message from ]the name of someone[," and body text that reads "Here is that document you asked for...don't show anyone else ;-)". The attachment is often named LIST.DOC. If the recipient clicks on or otherwise opens the attachment, the infecting file is read to computer storage. The file itself originated in an Internet alt.sex newsgroup and contains a list of passwords for various Web sites that require memberships. The file also contains a Visual Basic script that copies the virus-infected file into the normal.dot template file used by Word for custom settings and default macros. It also creates this entry in the Windows registry:

Content Continues Below

Download this free guide Download: Your Complete Guide to IAM Utilize this 66-page IAM guide to help you stay on top of the latest best practices and techniques. Security expert Michael Cobb explores the risks and rewards of biometrics measures and multifactor authentication, how organizations can assess if it is time to modernize IAM strategies, and much more. Start Download Corporate E-mail Address: You forgot to provide an Email Address. This email address doesn’t appear to be valid. This email address is already registered. Please login. You have exceeded the maximum character limit. Please provide a Corporate E-mail Address.

I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy. Please check the box if you want to proceed.

I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time. Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

HKEY_CURRENT_USERSoftwareMicrosoftOffice"Melissa?"="...by Kwyjibo"

The virus then creates an Outlook object using the Visual Basic code, reads the first 50 names in each Outlook Global Address Book, and sends each the same e-mail note with virus attachment that caused this particular infection. The virus only works with Outlook, not Outlook Express.

In a small percentage of cases (when the day of the month equals the minute value), a payload of text is written at the current cursor position that says:

"Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here."

The quote refers to the game of Scrabble and is taken from a Bart Simpson cartoon.

The virus also disables some security safeguards. These are described by CERT and the anti-virus software sites.