Melissa anniversary marks birth of email-aware malware

Supermodel of computer virus world turns 10, still spreading

Thursday (26 March) marks the 10th anniversary of the notorious Melissa virus, the first successful email-aware virus.

The Word macro virus, allegedly named after a lap dancer that creator David L. Smith met in Florida, spread via infected Word documents. Windows users who opened the Word document on unprotected systems became infected with the malware, which forwarded itself to the first 50 people in an infected user's Microsoft Outlook address book, further spreading the infection in the process.

Infected emails appeared with subject lines such as "Here is that document you asked for... don’t show anyone else;-)". The basic social engineering tactic piqued people's interest to the extent that the malicious messages mushroomed in a matter of hours, overloading email servers across the globe in the process.

The virus was programmed to occasionally corrupt documents but had no money-making functions, unlike current generations of malware. Despite this, security firms reckon the virus ushered in the era of botnet-creating malware agents and mass-mailing worms that characterise the current internet security scene.

Since intercepting the virus in March 1999, email and web filtering firm MessageLabs, which is now part of Symantec, has stopped 108 different strains and more than 100,000 copies of the virus. Even this year, MessageLabs' services continue to intercept, on average, ten Melissa-infected emails a month.

"Melissa was the virus equivalent of the supermodels from the 90’s, known by one name and iconic within the industry," said Alex Shipp, senior director of emerging anti-malware technologies at MessageLabs services. "This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore."

A retrospective on Melissa by Graham Cluley, at Sophos, explains the timeline of the attack and the eventual arrest and conviction of its author, David L. Smith, in some depth. The Melissa virus first appeared as an infected Word document, containing supposed login details to pornographic websites, posted to the alt.sex Usenet group.

This post was traced back to a compromised AOL account, skyrocket@aol.com. This hack was itself traced back to a house in New Jersey, owned by Smith's brother. A week or so later Smith, then 30 and thus old for a VXer, was arrested for malware distribution offences.

Within weeks of the FBI arresting him, Smith had turned rat and was using a fake identity to communicate with and track fellow VXers around the world, it has since emerged.

According to court papers, Smith allowed the FBI to identify the Netherlands-based author of the Anna Kournikova virus as Jan de Wit, furnishing his name, home address and email address. The Dutchman was subsequently sentenced to 150 hours community service.

In 2001, Smith reportedly assisted in the investigation that led to the arrest of part-time DJ Simon Vallor, the Welsh author of three viruses. Vallor was arrested by British police in February 2002, pleaded guilty to computer hacking offences and was sent to jail for two years. None of the strains of malware created by Vallor did much harm, or made much impact, so this sentence appears harsh, especially in comparison to the eventual fate of the much older Smith.

Smith's assistance is probably the reason why his prosecution was delayed. Eventually, in 2002, three years after the Melissa virus spread across the globe, Smith was sentenced to 20 months behind bars.

Cluley described the Melissa virus as the "grandmother" of email-aware malware, inspiring subsequent malware authors. "Virus writers couldn't fail to notice the impact that Melissa was having, and the virus cast a long shadow as it inspired thousands of other malware attacks such as Anna Kournikova, The Love Bug, Netsky, [and] Bagle in [subsequent] years," he writes. ®
