Feeds

Melissa anniversary marks birth of email-aware malware

Supermodel of computer virus world turns 10, still spreading

Using blade systems to cut costs and sharpen efficiencies

Thursday (26 March) marks the 10th anniversary of the notorious Melissa virus, the first successful email-aware virus.

The Word macro virus, allegedly named after a lap dancer that creator David L. Smith met in Florida, spread via infected Word documents. Windows users who opened the Word document on unprotected systems became infected with the malware, which forwarded itself to the first 50 people in an infected user's Microsoft Outlook address book, further spreading the infection in the process.

Infected emails appeared with the subject lines such as "Here is that document you asked for... don’t show anyone else;-)". The basic social engineering tactic piqued people's interest to the extent that the malicious messages mushroomed in a matter of hours, overloading email servers across the globe in the process.

The virus was programmed to occasionally corrupt documents but had no money-making functions, unlike current generations of malware. Despite this, security firms reckon the virus ushered in the era of botnet-creating malware agents and mass-mailing worms that characterise the current internet security scene.

Since intercepting the virus in March 1999, email and web filtering firm MessageLabs, which is now part of Symantec, has stopped 108 different strains and more than 100,000 copies of the virus. Even this year, MessageLabs' services continue to intercept, on average, ten Melissa-infected emails a month.

"Melissa was the virus equivalent of the supermodels from the 90’s, known by one name and iconic within the industry," said Alex Shipp, senior director of emerging anti-malware technologies at MessageLabs services. "This was the first attack of this magnitude and I remember that when the numbers reached the hundreds within the first hour of stopping Melissa, which were significant levels in 1999, we knew the threat landscape had changed evermore."

A retrospective on Melissa by Graham Cluley, at Sophos, explains the time line of the attack and the eventual arrest and conviction of its author, David L. Smith, in some depth. The Melissa virus first appeared as infected Word document, containing supposed login details to pornographic websites, posted to the alt.sex usenet group.

This post was traced back to a compromised AOL account, skyrocket@aol.com. This hack was itself traced back to a house in New Jersey, owned by Smith's brother. A week or so later Smith, then 30 and thus old for a VXer, was arrested for malware distribution offences.

Within weeks of the FBI arresting him, Smith had turned rat and was using a fake identity to communicate with and track fellow VXers around the world, it has since emerged.

According to court papers, Smith allowed the FBI to identify the Netherlands-based author of the Anna Kournikova virus as Jan de Wit, furnishing his name, home address and email address. The Dutchman was subsequently sentenced to 150 hours community service.

In 2001, Smith reportedly assisted in the investigation that led the arrest of part-time DJ Simon Vallor, the Welsh author of three viruses. Vallor was arrested by British police in February 2002, pleaded guilty to computer hacking offences and sent to jail for two years. None of the strains of malware created by Vallor did much harm, or made much impact, so this sentence appears harsh, especially in comparison to the eventual fate of the much older Smith.

Smith's assistance is probably the reason why his prosecution was delayed. Eventually, in 2002, three years after the Melissa virus spread across the globe, Smith was sentenced to 20 months behind bars.

Cluley described the Melissa virus as the "grandmother" of email-aware malware, inspiring subsequent malware authors. "Virus writers couldn't fail to notice the impact that Melissa was having, and the virus cast a long shadow as it inspired thousands of other malware attacks such as Anna Kournikova, The Love Bug, Netsky, [and] Bagle in [subsequent] years," he writes. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.