News > Technology
E-mail virus spreads
March 29, 1999: 3:05 p.m. ET

'Melissa' can send infected messages through Outlook e-mail software
graphic graphic
NEW YORK (CNNfn) - The Federal Bureau of Investigation is investigating the "Melissa" computer virus that has infected more than 100,000 computers so far, a U.S. official said Monday.
     The Melissa virus can automatically send out dozens of e-mail messages from the victim's e-mail address via Microsoft Corp. 's (MSFT) Outlook e-mail software. The bug has disrupted traffic and overloaded network servers at some companies, including Microsoft and Intel Corp. (INTC).
     Michael Vatis, director of the FBI's National Infrastructure Protection Center, said caution on the part of e-mail users will help stem the spread of the virus.
     "I urge e-mail users to exercise extreme caution when reading their e-mail for the next few days," Vatis said. "The transmission of a virus can be a criminal matter and the FBI is investigating."
     The Computer Emergency Response Team (CERT) at Carnegie Mellon University, which became aware of Melissa Friday, estimated the bug has affected more than 100,000 machines so far.
     "We've never seen a virus spread so quickly," Sal Viveros, group director of Network Associates 's (NETA) virus division, told CNNfn.
How Melissa spreads

     The Melissa virus spreads itself via an innocuous-seeming e-mail message. The subject line of the infected message reads "Important Message From ..." then lists the name of the apparent sender. Once opened, the message inside reads: "Here is that document you asked for...don't show anyone else :-)"
     Viveros recommended that e-mail users immediately delete messages that contain such a header.
     If the attached file (called list.doc) is opened, the virus is activated, and it will grab as many as 50 addresses from the victim's address book and send out an identical e-mail.
     The program is especially devious in that the messages appear to be from someone the user knows, so he or she is more likely to open them. Thus, each of the 50 people contacted potentially will pass it on to an additional 50, and so on.
     The virus also can infect any files in Microsoft Word 97 or Word 2000 opened after Melissa is received. If any infected document is then mailed to someone else, 50 infected e-mails may also be sent with the file inadvertently.
     The virus does not appear to inflict permanent damage, such as deleting files from a computer's hard drive. Rather, Viveros explained, it sends copies of the infected Word document to other people, which could result in the leakage of sensitive information.
     The virus also shuts down corporate e-mail servers, which can hinder business productivity.
     Microsoft and Intel became aware of the problem Friday and alerted employees. Microsoft spokesman Adam Sohn told CNNfn that the company made a "strategic decision" to shut down outgoing e-mail from the company Sunday so that the virus would not be spread beyond Microsoft. The shutdown lasted about five hours.
     Sohn said there was no noticeable increase in Microsoft's e-mail traffic Sunday, but noted that some employees had opened the message and activated the virus.
     Intel spokesman Chuck Mulloy told CNNfn the company had been hit by the virus and was taking steps to prevent it from being spread. He did not provide further details.
     Though the virus in its current form won't destroy a user's computer, virus experts warned that hackers typically take an existing virus and create new, more harmful versions.
     Viveros said Network Associates has detected one variant of Melissa and expects to discover more in the future.
     But Jeff Carpenter, CERT's incident response team leader, said the organization has not yet received reports of other strains of the Melissa virus.
     Several software companies specializing in computer security are offering "patches" to detect the virus and automatically delete it. The companies include Symantec, Network Associates and Trend Micro. Back to top


Excel-related virus revealed - Jan. 5, 1999


Warning about Melissa virus

Note: Pages will open in a new browser window
External sites are not endorsed by CNNmoney