Fix found for Melissa mutants

Major antivirus vendors have posted fixes for a new strain of the Melissa virus, plus patches for two other variants of the e-mail sending virus, found last week.

Melissa.U(Gen1) is the new culprit, which according to Symantec is a variant of the Melissa.U strain reported last week in addition to Melissa.V. According to Symantec representatives, "A couple" of major corporations have been hit by this virus, including one that experienced 30,000 infections.

Fixes to both the U and V versions of Melissa are posted on the sites of major antivirus vendors.

Computer users shouldn't mistake the new Melissa.U(Genl) for the original, or for the original variant, warns Darren Kessner, a senior virus researcher at Symantec.

"People need to get the latest update, even if they already have the fix for the U and V variants," Kessner emphasises. The fixes for those variants will not protect against the new modified variant, he says.

Identical payload

Melissa.U(Gen1) works much the same way as Melissa.U. The virus arrives in an e-mail with the subject line "pictures" followed by the user name registered in the local copy of Word. The body of the message will contain the phrase "what's up?"

Once received, the virus works by using Microsoft Outlook to e-mail a copy of the infected document to the first four e-mail addresses in the Outlook address book (these can include distribution lists). The virus also deletes several system files, all of which are necessary to boot up the machine, leaving the machine unbootable.

In addition, the virus infects Word's global template, thereby infecting all future Word documents. According to a description of the virus posted on Symantec's Web site, the following text will appear in infected documents: ">>>>>Please Check Outlook Inbox Mail<<<<<"The problem with Melissa.U(Gen1) is that it can escape detection by antivirus software designed to catch Melissa.U or Melissa.V. For that reason, Kessner says it is possible this corruption of the virus was intentional. While Symantec can't be sure of that, the company's Web site notes, "the corruption does not appear to be natural".

Symantec's latest update will catch all of the variants, according to Kessner.

McAfee.com has not posted a specific fix for this newest variant, and has no plans to do so, according to Eddy Hsia, director of development.

"We currently do detect the Gen1 variant of the Melissa.U virus" in the fix that McAfee posted for Melissa.U and Melissa.V last week, Hsia says.

McAfee representatives downplay Symantec officials' emphasis on the need for a new fix for new variants. Both companies emphasise the need to keep your virus detection data files current, however.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Liane Gouthro

PC World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?