Select Page

Behold Melissa!

She’s a deceptive little virus….

 

Essentially, she appears as a spoof email, sweetly tempting victims into, “Important Message from (the name of someone the recipient is acquainted with),” which encompasses an enticing body text proclaiming, “Here is that document you asked for…don’t show anyone else ;-)”.

je ne sais quoi

Lexicon

Blog

Who is the Malicious Melissa?

The name “Melissa” is a Greek derivative denoting, “Honey Bee”. Like her name, this deceptively sweet virus packs a poisonous sting scathing Outlook (Excluding Outlook Express)/Word (with the exception of Word ’95 and prior versions), users with her nasty stealth virus. Created by David L. Smith, Microsoft Outlook/Word users were hit with one of the top lethal viruses – inspired by a Florida dancer. Because she was the first virus proficient in “buzzing” from one machine to another autonomously, “W97M/Melissa.A” was the first array of Melissa outbreaks for the programs Word & Outlook 2000 and Outlook1998.

Essentially, she appears as a spoof email, sweetly tempting victims into, “Important Message from (the name of someone the recipient is acquainted with),” which encompasses an enticing body text proclaiming, “Here is that document you asked for…don’t show anyone else ;-)”.

It is precisely in this pathological Word doc attachment, dubbed “LIST.DOC”, which contains this vicious virus; however, wouldn’t you know, this name can be renamed! If the Word doc is enabled (opened), the virus file is read into to the computer storage that encompasses a visual basic script. Copying into the normal.dot template file (which is employed by Word for revision), this sneaky malware injects the virus file into the very settings and default macros of the word doc. It generates the code, “HKEY_CURRENT_USERSoftwareMicrosoftOffice”Melissa?”=”…by Kwyjibo” recording directly into Window’s log.

Subsequent to its Microsoft Word doc template and macros infection, she then attacks the first 50 Outlooks recipients in each Outlook Global Address Book; sending out the virus to potentially poisoning the victim’s contacts. Each infected email contains the virus in a Word attachment for a finite outbreak which multiplies by assimilating into additional files at every run of the host program and can deactivate certain security safeguards. Essentially, you can generate a new viral document, give the word doc to another person or send it via email. And because this is a true virus, this malicious virus demands a host to accurately “run” (become infected) – in this case, our host is an infected Word doc. Although one isn’t required to own Microsoft Outlook to accept the virus via e-mail; she cannot possibly spread further outside of Outlook, however soil internal documents locally. But watch out Windows 95, 98, NT and Macintosh users, you are not immune – you can be infected too!

Inspired by the game of Scrabble and Bart Simpson, a bundle of text (data transmissions) appears at the mouse marker point stating, “Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game’s over. I’m outta here,” only when the day of the month is equivalent to its minute value. Very funny.. ha-ha! (Not!)

This initially caused quite the epidemic transpiring the fasted distributed virus known to that date, forcing Microsoft Corporation to close all incoming emails on March 26, 1999. Because of the nature and severity of this virus, other companies such as Intel were affected in which the U.S. Department of Defense CERT team declared a breach and developed patches for restoration. Where she does not essentially abolish documents or additional assets, she can impose impending incapacitating effects on business email servers, terminating email communication (one of our most exclusive means of communication at work) if not patched; literally bringing business communication to its knees. In fact, a Congress FBI official declared that Melissa “wreaked havoc on government and private sector networks”.

Melissa contains variants as well!

Behold, Melissa.I, the infection which uses diverse email subject and body messages based on a random number. This variation uses an empirical archive key which elects a list of messages. To view an example, please go here: http://www.f-secure.com/v-descs/melissa.shtml.

The asterisk in subject 8 will essentially be replaced by a different character.

Melissa.O can propagate up to 100 email contacts which appear similar to:

Subject: Duhalde Presidente Body: Programa de gobierno 1999 – 2004.

Using the file name “”Mmmmmmm”, the venomous W97M/Melissa.U obstructs the following system files: c:io.sys, c:command.com, d:io.sys, c:Suhdlog.dat, d:Suhdlog.dat, and c:Ntdetect.com. Yikes! Although she only sends to four recipients, she eradicates system, hidden, archived, and read-only attributes from those documents.

Below is how her email will appear:

Subject: pictures (user name)

Body: what’s up ?

Instead of infecting 50 recipients, Melissa.V sends to 40 utilizing the subject line, “My pictures (user name).” Discovered on October 13, 1999, the body appears altered as well. She uses an empty body and the user name is replaced with the Word’s register user name. Once she is mailed, she then proceeds to erase all root records from these drives: F,H-I, L-Q, S, X, and Z.

After she has deleted all files from these root drives, she then generates a message box stating, “Hint: Get Norton 2000 not McAfee 4.02”.

Utilizing outlook with the following message, Melissa.AO makes a tremendously vital case to open the attachment. PLEASE DON’T! Take a peek at this sneaky message at this web address: http://www.f-secure.com/v-descs/melissa.shtml

 Who she can infect:

  • Microsoft Word – 97and 2000 Programs
  • Microsoft Outlook – 97 and/ or 98 e-mail client
  • Windows 98, NT and Macintosh users

 

How to Avoid Melissa:

Be sure you are cautious of opening attachments, remember, viruses need a host! Review these notes and any of the subject lines listed from the various Melissa viruses (Normally 40 kilobyte doc titled LIST.DOC) DO NOT OPEN! If you feel as though you received a Melissa virus email, delete the email immediately. Compose an email to the sender you received the Melissa email from and let them know they have been infected. She can only infect you if you open her attachment! Don’t let her propagate.

Also, ensure your security by going to Tools, then to Macro, and then select Security. To guarantee security, HIGH safeguard will only permit macros that have been elected to be opened. MEDIUM will prompt a message that permits the incapacitation of a macro if not sure of the suspect macros. Scan your computer frequently and keep current with the latest antivirus software. (This is a must!)

If, by chance you cannot execute these instructions, you might be infected.

How to Patch:

If you feel you are infected by her malicious virus, always, always run your latest antivirus software! Look to an antivirus company for support in removing it (this is their job!) Repeat prior instructions by setting your macros security levels. And if all else fails, refer to this article from Microsoft that will assuredly assist with further questions or concerns. http://support.microsoft.com/kb/224506.

Security Briefing No. 1

Security Briefing No. 1

Security Briefing

No. 1

 

Ensure you write or type out the full “2020” year date. So easy is it to add any number after the year attribute in a date. While you intended to write 1/1/20, a threat agent can maliciously add any date after the “20” in the year attribute. While you meant well in writing 1/1/20, so easily can it be turned into 1/1/2012, 1/1/2019, 1/1/2017, etc. Rather, ensure to write out the complete four digit year to evade ambiguity. Happy 1/1/2020!!~!

Maggie Hillary

Study Tips

Lexicon

Blog

Melissa Virus

Melissa Virus

Behold Melissa!

She’s a deceptive little virus….

 

Essentially, she appears as a spoof email, sweetly tempting victims into, “Important Message from (the name of someone the recipient is acquainted with),” which encompasses an enticing body text proclaiming, “Here is that document you asked for…don’t show anyone else ;-)”.

je ne sais quoi

Lexicon

Blog

Who is the Malicious Melissa?

The name “Melissa” is a Greek derivative denoting, “Honey Bee”. Like her name, this deceptively sweet virus packs a poisonous sting scathing Outlook (Excluding Outlook Express)/Word (with the exception of Word ’95 and prior versions), users with her nasty stealth virus. Created by David L. Smith, Microsoft Outlook/Word users were hit with one of the top lethal viruses – inspired by a Florida dancer. Because she was the first virus proficient in “buzzing” from one machine to another autonomously, “W97M/Melissa.A” was the first array of Melissa outbreaks for the programs Word & Outlook 2000 and Outlook1998.

Essentially, she appears as a spoof email, sweetly tempting victims into, “Important Message from (the name of someone the recipient is acquainted with),” which encompasses an enticing body text proclaiming, “Here is that document you asked for…don’t show anyone else ;-)”.

It is precisely in this pathological Word doc attachment, dubbed “LIST.DOC”, which contains this vicious virus; however, wouldn’t you know, this name can be renamed! If the Word doc is enabled (opened), the virus file is read into to the computer storage that encompasses a visual basic script. Copying into the normal.dot template file (which is employed by Word for revision), this sneaky malware injects the virus file into the very settings and default macros of the word doc. It generates the code, “HKEY_CURRENT_USERSoftwareMicrosoftOffice”Melissa?”=”…by Kwyjibo” recording directly into Window’s log.

Subsequent to its Microsoft Word doc template and macros infection, she then attacks the first 50 Outlooks recipients in each Outlook Global Address Book; sending out the virus to potentially poisoning the victim’s contacts. Each infected email contains the virus in a Word attachment for a finite outbreak which multiplies by assimilating into additional files at every run of the host program and can deactivate certain security safeguards. Essentially, you can generate a new viral document, give the word doc to another person or send it via email. And because this is a true virus, this malicious virus demands a host to accurately “run” (become infected) – in this case, our host is an infected Word doc. Although one isn’t required to own Microsoft Outlook to accept the virus via e-mail; she cannot possibly spread further outside of Outlook, however soil internal documents locally. But watch out Windows 95, 98, NT and Macintosh users, you are not immune – you can be infected too!

Inspired by the game of Scrabble and Bart Simpson, a bundle of text (data transmissions) appears at the mouse marker point stating, “Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game’s over. I’m outta here,” only when the day of the month is equivalent to its minute value. Very funny.. ha-ha! (Not!)

This initially caused quite the epidemic transpiring the fasted distributed virus known to that date, forcing Microsoft Corporation to close all incoming emails on March 26, 1999. Because of the nature and severity of this virus, other companies such as Intel were affected in which the U.S. Department of Defense CERT team declared a breach and developed patches for restoration. Where she does not essentially abolish documents or additional assets, she can impose impending incapacitating effects on business email servers, terminating email communication (one of our most exclusive means of communication at work) if not patched; literally bringing business communication to its knees. In fact, a Congress FBI official declared that Melissa “wreaked havoc on government and private sector networks”.

Melissa contains variants as well!

Behold, Melissa.I, the infection which uses diverse email subject and body messages based on a random number. This variation uses an empirical archive key which elects a list of messages. To view an example, please go here: http://www.f-secure.com/v-descs/melissa.shtml.

The asterisk in subject 8 will essentially be replaced by a different character.

Melissa.O can propagate up to 100 email contacts which appear similar to:

Subject: Duhalde Presidente Body: Programa de gobierno 1999 – 2004.

Using the file name “”Mmmmmmm”, the venomous W97M/Melissa.U obstructs the following system files: c:io.sys, c:command.com, d:io.sys, c:Suhdlog.dat, d:Suhdlog.dat, and c:Ntdetect.com. Yikes! Although she only sends to four recipients, she eradicates system, hidden, archived, and read-only attributes from those documents.

Below is how her email will appear:

Subject: pictures (user name)

Body: what’s up ?

Instead of infecting 50 recipients, Melissa.V sends to 40 utilizing the subject line, “My pictures (user name).” Discovered on October 13, 1999, the body appears altered as well. She uses an empty body and the user name is replaced with the Word’s register user name. Once she is mailed, she then proceeds to erase all root records from these drives: F,H-I, L-Q, S, X, and Z.

After she has deleted all files from these root drives, she then generates a message box stating, “Hint: Get Norton 2000 not McAfee 4.02”.

Utilizing outlook with the following message, Melissa.AO makes a tremendously vital case to open the attachment. PLEASE DON’T! Take a peek at this sneaky message at this web address: http://www.f-secure.com/v-descs/melissa.shtml

 Who she can infect:

  • Microsoft Word – 97and 2000 Programs
  • Microsoft Outlook – 97 and/ or 98 e-mail client
  • Windows 98, NT and Macintosh users

 

How to Avoid Melissa:

Be sure you are cautious of opening attachments, remember, viruses need a host! Review these notes and any of the subject lines listed from the various Melissa viruses (Normally 40 kilobyte doc titled LIST.DOC) DO NOT OPEN! If you feel as though you received a Melissa virus email, delete the email immediately. Compose an email to the sender you received the Melissa email from and let them know they have been infected. She can only infect you if you open her attachment! Don’t let her propagate.

Also, ensure your security by going to Tools, then to Macro, and then select Security. To guarantee security, HIGH safeguard will only permit macros that have been elected to be opened. MEDIUM will prompt a message that permits the incapacitation of a macro if not sure of the suspect macros. Scan your computer frequently and keep current with the latest antivirus software. (This is a must!)

If, by chance you cannot execute these instructions, you might be infected.

How to Patch:

If you feel you are infected by her malicious virus, always, always run your latest antivirus software! Look to an antivirus company for support in removing it (this is their job!) Repeat prior instructions by setting your macros security levels. And if all else fails, refer to this article from Microsoft that will assuredly assist with further questions or concerns. http://support.microsoft.com/kb/224506.

Spyware

Spyware

Spyware

Covert espionage…

 

You’ve been hit by—
You’ve been struck by—
A Smooth Criminal…

Michael Jackson - King of Pop

One of the most significant cultural figures of the 20th century and one of the greatest entertainers in the history of music.

je ne sais quoi

Lexicon

Blog

Have you ever been offered free software or perhaps free tech support? Think twice before you unwittingly click the link…  Much like Trojans, unless you are unequivocally certain of the source, you could be inadvertently inviting a spy into your system…

Begetting calamity to your confidentiality, this covert little spy gathers and reports intel about the user – devoid of any user knowledge or consent.  This threat agent is typically driven through monetary gain; thus used quite frequently in advertising such as generating revenue.

 

error: Property of InfoSecurityChick.com. You are not permitted to copy.

Pin It on Pinterest

Share This