Tipsters, I received this from a colleague...it checks out as legit. Mike Hulsizer -- Michael Hulsizer Webster University mailto:[EMAIL PROTECTED]
Okay, it isn't actually a virus, it might better be called a worm. But it's for real. And CERT is calling it a virus, so who am I to argue? CERT has info at http://www.cert.org/advisories/CA-99-04-Melissa-Macro-Virus.html The Melissa macro virus propagates as an e-mail attachment. Most of the time, the e-mail message containing the virulent attachment has had the subject line: Subject: Important Message From <name> Where <name> is the full name of the user sending the message. It is reasonable to expect the exact content of the attachment and its name to change in the field, but so far it has mainly been called "list.doc" (no terminal period). The macro is *immediately* executed when the attachment is opened in MS Word97 or Word2000 if macros are enabled. If MS Outlook is installed, even if Outlook is not used as the user's mailer, the macro will read the first 50 entries in every MAPI address book readable to the user and sends a similar e-mail message with attachment. Do the math: 1 x 50 x 50 x 50 . . . . is quickly *a lot* of mail. This has serious denial of service potential, and if the virus is not disabled it can repropagate at any time. >From the CERT page: If you receive one of these messages, keep in mind that the message came from someone who is affected by this virus and they are not necessarily targeting you. We encourage you to contact any users from which you have received such a message. Also, we are interested in understanding the scope of this activity; therefore, we would appreciate if you would report any instance of this activity to us according to our Incident Reporting Guidelines document available at: http://www.cert.org/tech_tips/incident_reporting.html Advice at the CERT site inculdes: o Utilize virus scanners o Encourage users at your site to disable macros in Microsoft Word Some less technical information is available in Jesse Berst's column for today (which is accurate enough for most purposes and contains a number of helpful links). I'm also attaching the text of the FBI warning on this as transmitted on Declan McCullagh's politech list (reformatted). --Bruce ________Berst Alert____________________ READ THIS FIRST! VIRUS ATTACK -- "MELISSA" BRINGS DOWN MICROSOFT, INTEL, OTHERS http://www.anchordesk.com/a/ad1tlt0329ba/3233 Stop what you're doing. Read this story. Then take immediate steps to protect yourself. The malicious "Melissa" virus spread throughout the Internet over the weekend, forcing major companies to shut down their email systems. Our team has assembled a survival kit to protect you and your company. Full instructions and links at the site. Date: Mon, 29 Mar 1999 10:06:16 -0500 To: [EMAIL PROTECTED] From: Declan McCullagh <[EMAIL PROTECTED]> Subject: FC: Feds warn of Melissa macro virus Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Message-Id: <[EMAIL PROTECTED]> Text of FBI 'Melissa' warning The National Infrastructure Protection Center (NIPC) was notified on March 26, 1999, of the proliferation of a computer virus known as the "Melissa Macro Virus" (MMV). There have been widespread reports of propagation of this virus into commercial, government and military e-mail gateways and systems. The MMV has the capability of causing a denial of service and degraded computer network performance, which could result in system administrators' having to shut-down affected networks and e-mail servers. The NIPC has received reports of significant network degradation and e-mail outages at major corporations and Internet Service Providers. The NIPC has received no reports of the virus causing any alteration of or damage to any data contained in the infected systems. The MMV exploits a vulnerability that exists in the Microsoft computer software applications Word 97 and Word 2000. The virus is transmitted via an attachment to innocuous e-mail messages transmitted to unsuspecting computer users via the Internet and related networks. The virus is activated when a user opens the infected document. A command is immediately executed that lowers the security settings in the Microsoft Word 97 or Word 2000 application to permit all macro files to run and any newly created Word documents to be infected. The virus spreads by transmitting e-mail messages containing the infected documents to addresses contained in the infected user's e-mail address book. Corrective measures have been developed to guard against infection by the "Melissa Macro Virus" at the network and user level. In addition, leading virus detection utilities (including Symantec [http://www.symantec.com], McAfee [http://www.mcafee.com], and Trend Micro [http://www.antivirus.com]), when updated properly after March 26, 1999, reportedly detect and clean this type of macro viruses. NIPC Director Michael A. Vatis states, "e-mail users have the ability to significantly change the outcome of this incident. I urge e-mail users to exercise caution when reading their e-mail for the next few days and to bring unusual messages to the attention of their system administrator. The transmission of a virus can be a criminal matter, and the FBI is investigating." The MMV has significant potential to cause more-widespread harm than it has to date. In an effort to reduce the impact of the MMV on computer networks, users can take several actions: As the virus requires the user to open an infected document to continue the propagation, users should carefully check their e-mail boxes for any message containing as part of the subject: Important Message From If such a message is found, please contact your system administrator or other responsible party for assistance. Users and system administrators alike should consult reputable information sources for more assistance on how to detect and minimize the impact of the MMV. Information on detection and mitigation strategies can be obtained online from CERT (the Computer Emergency Response Team at Carnegie Mellon University) at http://www.cert.org. The NIPC is a multi-agency organization whose mission is both a national security and law enforcement effort to detect, deter, assess, warn of, respond to, and investigate computer intrusions and other unlawful acts that threaten or target our Nation's critical infrastructures. Located in the FBI's headquarters building in Washington, D.C., the NIPC brings together representatives from the FBI, other U.S. government agencies, state and local governments, and the private sector in a partnership to protect our Nation's critical infrastructures. More information on the NIPC is available on the World Wide Web at http://www.nipc.gov. -------------------------------------------------------------------------- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to [EMAIL PROTECTED] with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --------------------------------------------------------------------------
