MEDIA RELEASE: A new computer virus spread globally
within hours of discovery
This press release comes from Data Fellows. You have previously
expressed
interest in our products, or have asked to be included on one of our press
release lists by personally giving us your e-mail address for this purpose.
If you no longer wish to receive our press releases, or your email
address has
been added to our lists without your consent, you may remove yourself from
our
mailing lists by replying to this message with the words "remove
<your_address@your_domain.com" in the Subject line.
If you only wish to receive our press releases concerning viruses, please
reply
to this message with the text "remove <your_address@your_domain.com"
in the
subject line, and send a second reply with the text "add virus info
<your_address@your_domain.com" in the subject line.
Media release
For immediate release
A new computer virus spread globally within hours of discovery
Melissa virus infects Word documents, e-mails itself to other users
Espoo, Finland, March 27, 1999. - DataFellows, one of the world's leading
developers of anti-virus and encryption software, is warning computer users
about a virulent and widespread computer virus found on Friday, March 26,
1999.
This virus has spread all over the globe within just hours of initial
discovery, apparently spreading faster than any other virus before.
The virus, known as W97M/Melissa, spreads by e-mailing itself automatically
from one user to another. The virus activates by modifying the user's
documents, inserting comments from the TV series “The Simpsons”. Even
worse, it
can send out confidential information from the computer without the user's
noticing it.
The virus was discovered late Friday evening European time, early morning
US
time. For this reason, the virus spread in the USA during Friday. Many
multinational companies reported widespread infections, including
Microsoft and
Intel. Microsoft closed down their whole e-mail system to prevent a further
spreading of the virus. The number of infected computers so far is
estimated at
tens of thousands, and rising quickly.
"We've never seen a virus spread so rapidly," comments Mikko Hypponen,
DataFellows' Manager of Anti-Virus Research. "We've seen a handful of
viruses
that distribute themselves automatically over e-mail, but not one of them has
been as successful as Melissa in the real world."
W97M/Melissa was initially distributed in an Internet discussion group called
alt.sex. The virus was sent in a file called LIST.DOC, which contained
passwords for X-rated websites. When users downloaded the file and opened
it in
Microsoft Word, a macro inside the document executed and e-mailed the
LIST.DOC
file to 50 people listed in the e-mail alias file of the user. The e-mail
looked as follows:
From: (name of infected user)
Subject: Important Message From (name of infected user)
To: (50 names from alias list)
Here is that document you asked for ... don't show anyone else ;-)
Attachment: LIST.DOC
Most recipients are likely to open such a file, as it usually comes from
someone they know.
After sending itself out, the virus continues to infect other Word documents
which the user accesses, i.e. it is not restricted to the initial LIST.DOC
file. Eventually, these infected files can end up being mailed to other users
as well. This can be potentially disastrous, as a user might inadvertently
send
out confidential data to outsiders.
The virus activates if it is executed when the minutes of the hour match the
day of the month - for example 18:27 on the 27th day of a month. At this time
the virus will insert the following phrase into the current document which the
user has open in Word: "Twenty-two points, plus triple-word-score, plus fifty
points for using all my letters. Game's over. I'm outta here". This text, as
well as the alias name of the virus author, "Kwyjibo", are references to the
popular "Simpsons" cartoon TV series.
"The virus won't spread much during this weekend. We will see the real
problem
on Monday morning," continues Hypponen. "When a big company gets
infected,
their e-mail servers are seriously slowed down and might even crash, as
computers start e-mailing large document attachments without the sender
realising it."
W97M/Melissa works with Microsoft Word 97, Microsoft Word 2000 and
Microsoft
Outlook e-mail client. It can infect both Windows and Macintosh users. If the
infected machine does not have Outlook or Internet access at all, the virus
will continue to spread locally within the documents the user accesses.
Data Fellows provides a free solution to the W97M/Melissa virus problem.
Evaluation copies of the F-Secure Anti-Virus toolkit as well as an update to
detect and disinfect the virus are available from the company's website at
datafellows.com
Data Fellows is one of the world's leading developers of data security
products. The company develops, markets and supports integrated anti-virus,
data security and cryptography software products for corporate computer
networks. It has corporate headquarters in San Jose, California and Espoo,
Finland, with additional offices as well as partners, VARs and other
distributors in over 80 countries around the world.
For more information, contact
Data Fellows, 675 North First Street, 8th floor,
San Jose, CA 95112;
tel 408-938-6700; fax 408-938-6701
datafellows.com or info@datafellows.com.
or
Data Fellows Corporation
Mikko Hyppönen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
tel s +358 9 8599 0513
fax +358 9 8599 0599
e-mail: Mikko.Hypponen@DataFellows.com
datafellows.com
|
