Microsoft Mail Alert


New Variant of the Melissa Virus
Redmond, Wash., May 27, 2000

This destructive variant of the Melissa.U virus attempts to delete critical system and user data files rendering an infected computer unusable. It also attempts to automatically replicate to all available recipients in the infected user's address book. Most anti-virus software vendors have released updates in the last 24-48 hours.

Summary

Microsoft has been notified of a new variant of the Melissa.U virus. This new variant is detected by most anti-virus software products, but only if users have downloaded updated signature files. Email messages with the infected Word document attachment, called "Explorer.doc," will arrive with the subject line "Resume – Janet Simons." The text of the message reads:

"To: Director of Sales/Marketing,

Attached is my resume with a list of references contained within.

Please feel free to call or email me if you have any further questions regarding my experience. I am looking forward to hearing from you.

Sincerely,

Janet Simons."

Infection occurs when a user opens the infected Word document and chooses to "Enable Macros" or already has macro security set to Low (Word 2000) or disabled (Word 97) in which case the macro is run automatically. It is important to note that the default Word 2000 macro security setting is "High" which silently disables unsigned macros like this Melissa.U variant. By default Word 97 always prompts the user before enabling potentially dangerous macros.

Upon opening the attachment, the virus tries to send itself to all entries in the user’s address book. Upon closing the attachment, the virus begins deleting critical system and data files both on the local hard drive as well as on available network drives.

Details

Please see the following references for more information related to this issue:

Network Associates Website: http://vil.nai.com/villib/dispvirus.asp?virus_k=98661
Symantec Website: http://www.symantec.com/avcenter/venc/data/w97m.melissa.bg.html

For additional general virus information see:
ICSA's Anti-Virus Product Developer’s Website: http://www.icsa.net/html/communities/antivirus/index.shtml
Recommendation

Microsoft recommends customers take the following precautions:

Immediately delete any email message with the subject line beginning with "Resume – Janet Simons" System administrators can strip any attachments called "Explorer.doc" from inbound or outbound email or filter messages by the subject line, at the server or firewall, or firewall antivirus scanner level.

Ensure that Word 2000 macro security setting is "High" (default) or Word 97 Macro Virus Protection is enabled
Users should always "Disable Macros" if given a choice
Don't make yourself vulnerable to this or other viruses by opening an attachment unless you know what it is and who it is coming from. In the case of a worm like this one, be very aware of the subject line and content of the message, as it may come from someone you know without their knowledge.

Disclaimer

This document is for information purposes only. This virus alert pertains only to the virus identified herein and there can be no guarantee that there won't be other viruses present. Microsoft provides this document "AS-IS", and hereby disclaims all warranties and conditions, either express, implied or statutory, including, but not limited to, any (if any) implied warranties, duties or conditions of merchantability, or fitness for a particular purpose.

©2000 Microsoft Corporation. All rights reserved. Terms of Use


 

Webbworks Home Page FeedBack

 


All logos and graphics displayed on Webbworks, Inc.'s web pages are copyrights ©
or trademarks tm of their respective companies.
Duplication of any content of these pages is a violation of the copyright laws of the United States.
HTML Copyright © 1997 - 2000 Webbworks, Inc.
Questions or comments? Please mail to webmaster@webbworks.com
This page was created with the Hot Dog Pro Web Page Editor
Last Updated: Monday, 12-October-98 10:01:14 PDT