The Melissa Worm, also known as “Mailissa”, “Simpsons”, “Kwyjibo”, or “Kwejeebo”, is a computer worm that also functions as a macro virus. On March 26, 1999, Melissa was put in the wild by David L. Smith of Aberdeen Township, New Jersey. Melissa came to be one of the most infamous computer worms the world has ever seen. It shut down Internet mail systems that became clogged with infected e-mails propagating the worm. Melissa affects only users of Outlook + MS Word 97 combination on Windows 9x and NT; much less likely Word 2000 users.
Description
- distributed via the infected attachment — a MS Word document that lists Internet pornography sites
- can spread on word processor Microsoft Word 97 and Word 2000
- can mass mail itself from e-mail client Microsoft Outlook 97 or Outlook 98
- does not work on any other versions of Word, including Word 95
- cannot mass mail itself by any other mail client, even Outlook Express
The Melissa worm targets MS Outlook. It will try to send e-mail to first 50 entries in the Outlook address book. If any of these email addresses are mailing lists, the message will be delivered to everyone on the mailing lists. Therefore actual number of messages can be more than 50.
This macro virus can successfully propagate only on PCs with Microsoft Outlook installed as it uses Outlook specific calls. In short, this virus proved that Microsoft is a very virus-friendly company. It totally harmed Microsoft’s image in the society.
How can this be detected?
Like any other macro viruses, the virus try to disable the possibility to look into the list of macros via Tools/Macros. That makes detection easy — if you cannot get the list, you are probably in trouble — but for Outlook users in this particular case the worm probably already managed to send 50 messages using addresses in the user address book. So detection in this case can be a little bit late and we need prevention.
The e-mail message send by the virus is also easy to detect. It usually contains the following header:
Subject: Important Message From <name>Where <name> is the name of the user sending the message. The body of the message consists of two sections.
- The first section of the message (Content-Type: text/plain) contains the following text.
Here is that document you asked for ... don't show anyone else ;-)
- The next section (Content-Type: application/msword) was initially reported to be a document called “list.doc”. This document contains URLs to pornographic web sites. As this macro virus spreads we are likely to see documents with other names. Some analysts pointed out that, under certain conditions the virus may generate attachments with documents created by the victim.
When a user opens an infected .doc file with Microsoft Word97 or if security level in Word 2000 is set to medium or low, the macro virus is immediately executed, if user will ignore the warning from MS Word that document contains macros of customizations.
Upon execution, the virus first lowers the macro security settings to permit all macros to run when documents are opened in the future. Therefore, the user will not be notified when the virus is executed in the future. It also disable Tools/Macro list.
Prevention/Solution
If you receive this Melissa worm, do not open the attachment and you won’t get infected. Just don’t open the attachment and you will be perfectly safe.
In order to make absolutely sure that Melissa has not infected your computer, you have the following options:
- Carry out a full scan of your computer using antivirus which will quickly detect any possible viruses.
- If the antivirus detects Melissa during the scan, it will automatically offer you the option of deleting it.
- Do not handle or open any Word documents you receive without first checking that they are virus free.
- Install a good antivirus in your computer.
- Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.
- Keep your permanent antivirus protection enabled at all times.
The ILOVEYOU virus is a computer worm that spread through email attachments in 2000. The ILOVEYOU worm was written in Microsoft Visual Basic Script (VBS) and exploited the fact that the scripting engine system was enabled by default in Windows. ILOVEYOU spawned many variants carrying payloads that could overwrite data, change files, download other malware and email themselves using Microsoft Outlook.
ILOVEYOU is also known as the love letter virus and the lovebug worm.
ILOVEYOU was created by Onel de Guzman of the Philippines. It was one of the first worms to effectively use social engineering to prompt victims to open the files, an innovation that was copied by many later forms of malware. ILOVEYOU was also one of the most virulent worms, purportedly infecting 45 million machines worldwide, leading to more than $8 billion in damages.
Description
- was written in Microsoft Visual Basic Scripting (VBS) which run in Microsoft Outlook and was enabled by default
- scans your computer’s memory for passwords, and then sends your passwords to a Web site that no longer exists.
- mails itself to all of your contacts in your Outlook address book.
- can also damage files with the following file extensions:
.vbs
.vbe
.js
.css
.wsh
.sct
.hta
.jpg
.jpeg
.mp2
.mp3
- creates messages by iterating through all of your addresses in the Outlook Address Book
- the worm originated in the Pandacan neighborhood of Manila in the Philippines on May 5, 2000
- then it spread westward across the world, moving first to Hong Kong, then to Europe, and finally the United States
- have caused US $5.5-8.7 billion in damages worldwide
- estimated US $15 billion to remove the worm
- estimated 10% of internet-connected computers in the world had been affected
- to protect themselves, The Pentagon, CIA, the British Parliament and most large corporations decided to completely shut down their mail systems
- affected over 45 million computers and was one of the world’s most dangerous computer related disasters
After you open a file with “FW: ILOVEYOU” in the Subject box, you may not be able to locate .jpg or MP3 files on your computer, and your Microsoft Internet Explorer home page may have changed.
The ILOVEYOU message contains the following text:
kindly check the attached LOVELETTER coming from me.
The message also has the Love-letter-for-you.txt.vbs file attached to it.
If you open the message, it does not open the worm virus. However, if you run the attached script, the file infects your computer.
This virus can also be transmitted through infected files and chat programs.
How To Tell If Your Computer Is Infected With The Virus?
Search all of your hard drives for the Love-letter-for-you.txt.vbs file:
- Click Start, click Search, and then click Files or Folders.
- In the Named box, type love-letter-for-you.txt.vbs.
- Make sure that all of your hard drives are selected in the Find in box, and then click Find Now.
To prevent this worm virus from infecting your computer and spreading further, install an Antivirus software in you computer and update it from time to time. (Same with Melissa Worm’s Prevention/Solution).
REFLECTION:
Melissa worm and ILOVEYOU had caused great impacts not just in computers but on a lot of industries including Finance and government agencies such as Pentagon, CIA and British Parliament. They’ve caused catastrophic damages worldwide that shut down a lot of sectors and affected millions of computers and lost billion worth of affluence. These kinds of doings are immoral and considered to be one of the most notorious and wildly incongruous act humans could do to their society.
Although Melissa and ILOVEYOU virus might totally harmed Microsoft’s image and made lost some of the company’s credibility, these viruses also became the gateway for Microsoft to develop and make their products more secure. These viruses were the reasons why other users are switching their OS to Linux or the boost of the sales of Apple computers.
At the time of Mr. Onel de Guzman’s (together with Mr. Reonel Ramones) arrest, there were no laws in the Philippines against writing malware. Both Mr. de Guzman and Mr. Ramones were released with all charges dropped by state prosecutors. Because of the incident, the Philippine Congress enacted Republic Act No. 8792, otherwise known as the E-Commerce Law, in July 2000, just two months after the worm outbreak.
For me, in order to prevent these kinds of unethical computer activities, experts should implement precautions and spread knowledge about these concerns. In our fast-paced world today, everyone should be computer literate and will no longer be ignorant about these. The Philippine government should make more laws concerning the issue that are constitutional and fair.
A quote to ponder: Ignorance is the root of evil.
As an IT student, I must make an effort to learn and understand VBS language (at least for beginner’s level) to help fight of prevent these viruses.
References:
"Melissa (computer virus)". Wikipedia.org.
"Melissa Worm/Virus - a Worm Parasiting on Ms Office 97 Architectural Problems and Ms Word Users’ Ignorance". Nikolai Bezroukov. Softpanorama.
http://www.jrwhipple.com/virus_melissa.html
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBYThhMsHSEgvnj6vEdRZwDHiE3riqqVZu1y5szyQDMsHxu38uiMxZ_xWSSqw-oR18H_ibN4lGRhKAIJjT39dOSJMM1Lzf7fGxbrUnLb76J0MVsLHtHpycdfKeVNp7dYC4JnGElyHqDsfH/s1600/Virus+%2528Melissa%2529.jpg
"ILOVEYOU". Wikipedia.org.
"OLEXP: How to Detect the ILOVEYOU Virus". Microsoft.
"What is ILOVEYOU virus?". SearchSecurity.
"ILOVEYOU Virus". Techopedia.
http://i.stack.imgur.com/BQTXV.gif
No comments:
Post a Comment