|
||
Information about the computer virus called melissaMelissa is one of the most dreaded and widespread viruses in history, The original Melissa infected the computers across the world as an e-mail chain letter in year 1999. F-Secure first started receiving reports about the computer virus called melissa in year 2001, this time spreading in a file called Anniv.doc.
Melissa.W. is changed formatMelissa.W. is changed format version of the original virus. This virus is fully functional under both Macintosh and Windows versions of Microsoft Office. The major functional difference between Melissa.A and Melissa.W is that the W variant does not lower the macro security settings in Word 2000. The Melissa worm sends e-mail to addresses found from Microsoft Outlook address book. How does e-mail look like?From: (name of infected user) Subject: Important Message From (name of infected user) To: (50 names from address book) Here is that document you asked for ... don't show anyone else ;-) Attachment: Anniv.doc (the infected active document) The important thing to be noticed notice that Melissa.W can arrive in any document - the attachment does not necessarily have to be named Anniv.doc. It may also contain confidential data from the infected computers. Important Facts to know about the computer virus called melissa
Main difference between W97M/Melissa.I and W97M/Melissa.AThe main difference between W97M/Melissa.I and W97M/Melissa.A is that this variant uses a random number to select subject lines and message bodies of outgoing messages from eight different alternatives: 1. Subject: Question for you... It's fairly complicated so I've attached it. 2. Subject: Check this!! This is some wicked stuff! 3. Subject: Cool Web Sites Check out the Attached Document for a list of some of the best Sites on the Web 4. Subject: 80mb Free Web Space! Check out the Attached Document for details on how to obtain the free space. It's cool, I've now got heaps of room. 5. Subject: Cheap Software The attached document contains a list of web sites where you can obtain Cheap Software 6. Subject: Cheap Hardware I've attached a list of web sites where you can obtain Cheap Hardware" 7. Subject: Free Music Here is a list of places where you can obtain Free Music. 8. Subject: * Free Downloads Here is a list of sites where you can obtain Free Downloads. In the last subject, the asterisk will be replaced with a random character. Typical W97M/Melissa.I ExampleUnlike W97M/Melissa.A, this variant uses a different registry key (called "Empirical") to check whenever mass mailing has been done. W97M/Melissa.I contains an additional payload as well. If the number of minutes equals the number of hours, the virus inserts the following text to the active document: All empires fall, you just have to know where to push. At the same time, the virus clears the mark from the registry causing the mass mail part to be reactivated a soon as a document is opened or closed, a new document is created or the Word is restarted. VARIANT: Melissa.O This Melissa variant sends itself to 100 recipients from each Outlook address book. The E-mail looks like this: Subject:
Duhalde Presidente VARIANT: Melissa.U W97M/Melissa.U is a similar to W97M/Melissa.A. Unlike Melissa.A, this variant uses the module name "Mmmmmmm" and it has a destructive payload. This variant deletes the following system files: c:command.com To do this, the virus removes hidden, system, read-only and archive attributes from these files. Unlike W97M/Melissa.A, it sends itself only to 4 recipients. The message itself is also different: Subject:
pictures (user name) Where (user name) is replaced with Word's registered user name. The following text will be added to every infected document: Loading... No and >>>>Please
Check Outlook Inbox
Mail<<<<< This variant has been detected since October 13th, 1999. VARIANT: Melissa.V This variant is similar to W97M/Melissa.U. This variant sends itself to 40 recipients and the message is different: Subject:
My pictures (user name) The message body is empty, and (user name) is replaced with Word's registered user name. After W97M/Melissa.V has mailed itself, it will delete all files from the root of the following drives: M:, N:, O:, P:, Q:, s:, f:, I:, x:, z:, H:, L: When this has been done, the virus shows a message box with the following text: Hint: Get Norton 2000 not McAfee 4.02 This variant has been detected since October 13th, 1999. VARIANT: Melissa.W W97M/Melissa.W does not lower macro security settings in Word 2000. Otherwise it is functionally equal with W97M/Melissa.A. VARIANT: Melissa.AO W97M/Melissa.AO uses Outlook to send e-mail message with: Subject:
Extremely URGENT: To All E-Mail User - The payload activates at 10 am on 10th day of each month when the virus inserts the following text to the active document: Worm! Let's We Enjoy. If your Microsoft Exchange server gets infected, install a Gateway scanner such as F-Secure Anti-Virus for Microsoft Exchange to protect it. Avail this free tool available to clean up an infected Exchange mail database, brought to you by Microsoft. ftp://ftp.microsoft.com/transfer/outgoing/bussys/mail/melissa-virus.zip  Subscribe to "COMPTECH" ezine to get the latest news and updates on Windows Vista. |
Google Search
 Popular Articles
Latest Articles
|
|
Menus
|
||
