For immediate releaseEspoo, Finland, March 27, 1999. - DataFellows, one of the world's leading developers of anti-virus and encryption software, is warning computer users about a virulent and widespread computer virus found on Friday, March 26, 1999. This virus has spread all over the globe within just hours of initial discovery, apparently spreading faster than any other virus before.
The virus, known as W97M/Melissa, spreads by e-mailing itself automatically from one user to another. The virus activates by modifying the user's documents, inserting comments from the TV series "The Simpsons". Even worse, it can send out confidential information from the computer without the user's noticing it.
The virus was discovered late Friday evening European time, early morning US time. For this reason, the virus spread in the USA during Friday. Many multinational companies reported widespread infections, including Microsoft and Intel. Microsoft closed down their whole e-mail system to prevent a further spreading of the virus. The number of infected computers so far is estimated at tens of thousands, and rising quickly.
"We've never seen a virus spread so rapidly," comments Mikko Hypponen, DataFellows' Manager of Anti-Virus Research. "We've seen a handful of viruses that distribute themselves automatically over e-mail, but not one of them has been as successful as Melissa in the real world."
W97M/Melissa was initially distributed in an Internet discussion group called alt.sex. The virus was sent in a file called LIST.DOC, which contained passwords for X-rated websites. When users downloaded the file and opened it in Microsoft Word, a macro inside the document executed and e-mailed the LIST.DOC file to 50 people listed in the e-mail alias file of the user. The e-mail looked as follows:
From: (name of infected user)
Subject: Important Message From (name of infected user)
To: (50 names from alias list)
Here is that document you asked for ... don't show anyone else ;-)
Attachment: LIST.DOC
Most recipients are likely to open such a file, as it usually comes from someone they know.
After sending itself out, the virus continues to infect other Word documents which the user accesses, i.e. it is not restricted to the initial LIST.DOC file. Eventually, these infected files can end up being mailed to other users as well. This can be potentially disastrous, as a user might inadvertently send out confidential data to outsiders.
The virus activates if it is executed when the minutes of the hour match the day of the
month - for example 18:27 on the 27th day of a month. At this time the virus will insert
the following phrase into the current document which the user has open in Word:
"Twenty-two points, plus triple-word-score, plus fifty points for using all my letters.
Game's over. I'm outta here". This text, as well as the alias name of the virus author,
"Kwyjibo", are references to the popular "Simpsons" cartoon TV series.
"The virus won't spread much during this weekend. We will see the real problem on
Monday morning," continues Hypponen. "When a big company gets infected, their e-mail
servers are seriously slowed down and might even crash, as computers start e-mailing
large document attachments without the sender realising it."
W97M/Melissa works with Microsoft Word 97, Microsoft Word 2000 and Microsoft Outlook e-mail client. It can infect both Windows and Macintosh users. If the infected machine does not have Outlook or Internet access at all, the virus will continue to spread locally within the documents the user accesses.
Data Fellows provides a free solution to the W97M/Melissa virus problem. Evaluation
copies of the F-Secure Anti-Virus toolkit as well as an update to detect and disinfect the
virus are available from the company's website at http://www.F-Secure.com/
For further information, please contact
Hong Kong:
Yui Kee Co. Ltd.
Mr. Allan Dyer, Technical Director
Tel: +852 28708555
Fax: +852 28736164
e-mail: adyer@yuikee.com.hk
or visit the Yui Kee web site at http://www.yuikee.com.hk/
Europe:
Data Fellows Corporation
Mikko Hypponen, Manager, Anti-Virus Research.
PL 24
FIN-02231 ESPOO
tel +358 9 8599 0513
fax +358 9 8599 0599
e-mail: Mikko.Hypponen@F-Secure.com
America:
Data Fellows, 675 North First Street, 8th floor,
San Jose, CA 95112;
tel 408-938-6700; fax 408-938-6701
or visit the Data Fellows web site at http://www.F-Secure.com/