Feeds

Melissa anniversary marks birth of email-aware malware

Supermodel of computer virus world turns 10, still spreading

Using blade systems to cut costs and sharpen efficiencies

Thursday (26 March) marks the 10th anniversary of the notorious Melissa virus, the first successful email-aware virus.

The Word macro virus, allegedly named after a lap dancer that creator David L. Smith met in Florida, spread via infected Word documents. Windows users who opened the Word document on unprotected systems became infected with the malware, which forwarded itself to the first 50 people in an infected user's Microsoft Outlook address book, further spreading the infection in the process.

Infected emails appeared with the subject lines such as "Here is that document you asked for... don’t show anyone else;-)". The basic social engineering tactic piqued people's interest to the extent that the malicious messages mushroomed in a matter of hours, overloading email servers across the globe in the process.

The virus was programmed to occasionally corrupt documents but had no money-making functions, unlike current generations of malware. Despite this, security firms reckon the virus ushered in the era of botnet-creating malware agents and mass-mailing worms that characterise the current internet security scene.

Since intercepting the virus in March 1999, email and web filtering firm MessageLabs, which is now part of Symantec, has stopped 108 different strains and more than 100,000 copies of the virus. Even this year, MessageLabs' services continue to intercept, on average, ten Melissa-infected emails a month.

"Melissa was the virus equivalent of the supermodels from the 90’s, known by one name and iconic within the industry," said Alex Shipp, senior director of emerging anti-malware technologies at MessageLabs services. "This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore."

A retrospective on Melissa by Graham Cluley, at Sophos, explains the time line of the attack and the eventual arrest and conviction of its author, David L. Smith, in some depth. The Melissa virus first appeared as infected Word document, containing supposed login details to pornographic websites, posted to the alt.sex usenet group.

This post was traced back to a compromised AOL account, skyrocket@aol.com. This hack was itself traced back to a house in New Jersey, owned by Smith's brother. A week or so later Smith, then 30 and thus old for a VXer, was arrested for malware distribution offences.

Within weeks of the FBI arresting him, Smith had turned rat and was using a fake identity to communicate with and track fellow VXers around the world, it has since emerged.

According to court papers, Smith allowed the FBI to identify the Netherlands-based author of the Anna Kournikova virus as Jan de Wit, furnishing his name, home address and email address. The Dutchman was subsequently sentenced to 150 hours community service.

In 2001, Smith reportedly assisted in the investigation that led the arrest of part-time DJ Simon Vallor, the Welsh author of three viruses. Vallor was arrested by British police in February 2002, pleaded guilty to computer hacking offences and sent to jail for two years. None of the strains of malware created by Vallor did much harm, or made much impact, so this sentence appears harsh, especially in comparison to the eventual fate of the much older Smith.

Smith's assistance is probably the reason why his prosecution was delayed. Eventually, in 2002, three years after the Melissa virus spread across the globe, Smith was sentenced to 20 months behind bars.

Cluley described the Melissa virus as the "grandmother" of email-aware malware, inspiring subsequent malware authors. "Virus writers couldn't fail to notice the impact that Melissa was having, and the virus cast a long shadow as it inspired thousands of other malware attacks such as Anna Kournikova, The Love Bug, Netsky, [and] Bagle in [subsequent] years," he writes. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.