What is the Melissa/Papa virus?

A. On Friday, 26th March 1999 a new virus called Melissa wasdiscovered and has all ready caused major problems for many top companiesincluding Microsoft and Intel.

The new virus is a Word macro virus which is spread via e-mail and attacksusers of Microsoft Word 97 and Microsoft Word 2000.

If you receive an e-mail with the subject line "Important message from... ," it may indicate you have been sent the virus. If that message comeswith a Word document attached called "list.doc," (but it's not alwayscalled that) you've likely been sent the Word/Melissa macro virus. If you openthe document, it will send copies of itself to 50 e-mail addresses it gleansfrom your personal e-mail. The most common method of infection seems to be viaOutlook.

The body of the message begins "Here is that document you asked for ...don't show anyone else ;-)" with a document of pornographic Web sitesnamed "list.doc". Once the .doc file is opened with either Word 97 orWord 2000, the virus is immediately executed if macros are enabled. It modifiesthe Word setting by infecting the warning template and the current open file.

In addition, if the minute of the hour matches the date (for example, 3:31p.m. on 31st March), Melissa will insert a Bart Simpson quote into the currentdocument:

"Twenty-two points, plus triple-word score, plus fifty points forusing all my letters. Game's over. I'm outta here"

A new strain of the Melissa virus has already been reported (30/03/1999)which defeats the current Melissa anti-virus measures and the subject line isnow blank and this variant is known as W97M_MELISSA.A. Check your anti-virusvendors website for an updated fix.

The source for Melissa can be seen here.

A second virus has been reported called Papa which behaves in the same waybut sends mail to the first 60 names in your Outlook address book and affectsExcel instead of Word.

This time the subject line claims the message is from "all.net and FredCohen." The body of the e-mail, which contains an attached document titled"path.xls," then instructs the user not to disable the macros, whichis how the virus is activated.

A new breed of viruses now allow a virus to be activated by just opening amail message, however normally you have to open an attachment so warnings about virus's byopening a mail message were hoax's and there have been a large number of thesecirculating recently (pre November 1999).

This could change in the near future with the integration of mail with HTMLand ActiveX components.You just need one Trojan enhancement (most are clientside ActiveX DLLs) and then even opening an HTML e-mail could be dangerous.

In order to prevent Macro virus's attacking office make sure make sure macrovirus protection is turned on:

In Word 97 and Excel 97

In Word 2000 and Excel 2000