FW: Weekend virus (Melissa)
Folks;
Apparently, there is a bad one going around. It started this weekend.
You get a message saying "An important message from ....", and an
attachment called list.doc.
DON'T OPEN THAT DOCUMENT! Discard the message. It will add unwanted sites
and send itself to the 1st 50 messages in your Outlook mailbox.
There is good information on it at ZD Net:
********** VIRUS ALERT ***********
Jesse Berst, Editorial Director
ZDNet AnchorDesk
I haven't seen anything take over this fast since Invasion of the Body
Snatchers.
A malicious virus is poised to overwhelm the Internet today. Beginning on
Friday, "Melissa" first defeated major corporations such as Microsoft and
Intel. Over the weekend, it spread to other companies and universities.
Left unchecked, it could infect millions of computers in a matter of days.
Here's my advice:
1. Understand the problem
2. Disinfect your computer and your company
3. Take steps to protect yourself in the future
Let's get started with step one. Then I'll send you to expert advice for
steps two and three.
WHO'S AT RISK
You can be infected if you use:
Microsoft Word 97 or Word 2000 for word processing and
Microsoft Outlook for email (Outlook Express, however, is not affected)
Millions of people use this combination. If you're one of them, then you
could be in trouble. In fact, you may be in trouble already without
realizing it.
HOW MELISSA WORKS
Melissa is a so-called "macro" virus. It resides inside a
Word document attached to an email. If you open the document, it will try
to run the malicious macro. If you permit that macro to run...
You're screwed.
Melissa then sends a copy of the document to the first 50 people in your
address book. And now they're in danger too.
Melissa propagates so fast, it can quickly overwhelm mail servers. Even
worse, it can send out secret company information to outsiders.
HOW MELISSA DAMAGES YOU AND YOUR COMPANY
Melissa doesn't delete files or
trash disks. Rather, it overwhelms mail servers as it propagates itself.
The first time it sends out 50 infected messages. Those 50 can potentially
spawn another 50 each, for a total of 2,500. Those 2,500 can theoretically
launch 50 more... and so on.
Even worse, the virus could expose embarrassing or sensitive information.
It initially attaches to a document called LIST.DOC (a roster of
pornographic sites). But it may infect future Word documents. So if you
call up your top-secret product plans... or your private list of special
discounts to favorite customers... or the roll-call of employees you plan
to fire next week... those other documents may also get posted to the first
50 people in your address book.
Of course, if you're Microsoft, your secret plans have already been aired
to the public, courtesy of the U.S. Department of Justice. Everybody else,
however, has a lot at stake.
LINK: http://www.zdnet.com/anchordesk/story/story_3233.html
ZDNet is disseminating credible information on a new Word macro virus that
began to play havoc this weekend. Apparently it has created serious
problems at Microsoft and Intel, among others. Anyone is vulnerable because
it slips past firewalls, etc. as an innocuous Word attachment.
Here is a word from the above link:
The new "Melissa" virus infects Microsoft Word documents using Visual Basic
for Applications -- the built-in scripting language in the Microsoft Office
suite. The virus has three main actions:
1. It infects Word and spreads to all Word documents you open.
2. It changes some settings to ease infection.
3. It e-mails itself using Microsoft Outlook, masquerading as a message from
   you.
When you open an infected Word document, Melissa spreads to your NORMAL.DOT
document template. This is where Word stores your custom settings and
default macros. By copying itself into NORMAL.DOT, Melissa ensures that
your Word installation is infected and any documents or templates you
create will get the virus added.
HKEY_Current_User\Software\Microsoft\Office\Melissa?
And gives it the value: "... by Kwyjibo". If you have this registry key,
then that machine has been infected by Melissa at some stage.
***** You might want to open REGEDIT.EXE (in the Windows Directory), go to
the Edit menu, select "Find" and search for "Melissa". If you find it, your
machine is infected.
-- Greg Peisert
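
The registry check described above can be scripted instead of searched by hand in REGEDIT. The following is an added example, not part of the original message or the ZDNet article. Find-MelissaMarker is a hypothetical function name, and the script assumes it runs with enough rights to read other users' hives and that only hives currently loaded under HKEY_USERS need checking.

```powershell
# Added example, not from the original message. Marker name and data are taken
# from the message; whether the marker is a value or a subkey is not stated
# there, so both are checked.
$MarkerName = 'Melissa?'
$MarkerData = '... by Kwyjibo'
$OfficePath = 'Software\Microsoft\Office'

function Find-MelissaMarker {
    $users = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $users.GetSubKeyNames()) {
        try {
            $office = $users.OpenSubKey("$sid\$OfficePath")   # opens read-only
        } catch {
            Write-Warning "Cannot open hive ${sid}: $_"
            continue
        }
        if ($null -eq $office) { continue }    # no Office settings in this hive
        try {
            # RegistryKey methods match the name exactly. Get-ItemProperty -Name
            # accepts wildcards, so there '?' would match any single character.
            $kind = 'value'
            $data = $office.GetValue($MarkerName, $null)
            if ($null -eq $data) {
                $sub = $office.OpenSubKey($MarkerName)
                if ($null -eq $sub) { continue }
                $kind = 'subkey'
                $data = $sub.GetValue('')       # the subkey's default value
                $sub.Close()
            }
            [pscustomobject]@{
                Sid              = $sid
                Kind             = $kind
                Data             = $data
                MatchesKnownData = ([string]$data -eq $MarkerData)
            }
        } finally {
            $office.Close()
        }
    }
}

Find-MelissaMarker | Format-Table -AutoSize
```

An empty result means no loaded hive carries the marker; hives of users who are not logged on are not loaded and are not covered by this sweep.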