Fix found for Melissa mutants
- — 19 October, 1999 21:49
Major antivirus vendors have posted fixes for a new strain of the Melissa virus, plus patches for two other variants of the e-mail sending virus, found last week.
Melissa.U(Gen1) is the new culprit, which according to Symantec is a variant of the Melissa.U strain reported last week in addition to Melissa.V. According to Symantec representatives, "A couple" of major corporations have been hit by this virus, including one that experienced 30,000 infections.
Fixes to both the U and V versions of Melissa are posted on the sites of major antivirus vendors.
Computer users shouldn't mistake the new Melissa.U(Genl) for the original, or for the original variant, warns Darren Kessner, a senior virus researcher at Symantec.
"People need to get the latest update, even if they already have the fix for the U and V variants," Kessner emphasises. The fixes for those variants will not protect against the new modified variant, he says.
Melissa.U(Gen1) works much the same way as Melissa.U. The virus arrives in an e-mail with the subject line "pictures" followed by the user name registered in the local copy of Word. The body of the message will contain the phrase "what's up?"
Once received, the virus works by using Microsoft Outlook to e-mail a copy of the infected document to the first four e-mail addresses in the Outlook address book (these can include distribution lists). The virus also deletes several system files, all of which are necessary to boot up the machine, leaving the machine unbootable.
In addition, the virus infects Word's global template, thereby infecting all future Word documents. According to a description of the virus posted on Symantec's Web site, the following text will appear in infected documents: ">>>>>Please Check Outlook Inbox Mail<<<<<"The problem with Melissa.U(Gen1) is that it can escape detection by antivirus software designed to catch Melissa.U or Melissa.V. For that reason, Kessner says it is possible this corruption of the virus was intentional. While Symantec can't be sure of that, the company's Web site notes, "the corruption does not appear to be natural".
Symantec's latest update will catch all of the variants, according to Kessner.
McAfee.com has not posted a specific fix for this newest variant, and has no plans to do so, according to Eddy Hsia, director of development.
"We currently do detect the Gen1 variant of the Melissa.U virus" in the fix that McAfee posted for Melissa.U and Melissa.V last week, Hsia says.
McAfee representatives downplay Symantec officials' emphasis on the need for a new fix for new variants. Both companies emphasise the need to keep your virus detection data files current, however.