Melissa mutant threatens networks

The Melissa virus, which swept across networks around the world last month, has popped up again in a mutated format, which may have occurred when it inadvertently came in contact with another virus.

The latest variation on the Melissa virus utilises a macro virus to replicate itself across networks as the original did, but now changes the file extension of the Word document from .doc to a RTF format. This may effectively camouflage the virus from anti-virus systems that are looking only for the .doc version of the attack. The virus is not actually a RTF document, however, but is simply the Word file masquerading as a RTF file as RTF files cannot contain macro documents.

"An RTF file cannot contain macros, so it cannot contain macro viruses," said Sal Viveros, group marketing manager for Total Virus Defense at Network Associates, which was contacted about the virus by a user. "But with Word you can name your extensions any name you want, so all this virus writer did was change the list.doc in Melissa to list.rtf."

The RTF Melissa virus is similar to the CAP virus which was discovered in 1997 and altered .doc files to RTF files. CAP was summarily added to anti-virus application lists to be protected against, but the similarity of the two viruses, and the possible results of an interaction between the two, has also lead Viveros to speculate that the two viruses might have met and mutated in the wild.

If a system infected with CAP virus also contracted Melissa, then CAP could have altered the Melissa files to replicate as RTF files and the continued to spread the infection.

"It could have been that someone had the CAP virus on they system who got infected by Melissa," said Viveros. "Maybe it was accidental that this was changed to RTF."

However, there is no way to determine if this has been the case, according to Viveros. This new version of the Melissa virus is one of many copy cat viruses that have been discovered since the initial outbreak of the virus, which caught nationwide attention.

To protect against the latest version of Melissa, Network Associates and other anti-virus vendors recommend that users keep their anti-virus lists updated regularly and inform users of the dangers of opening suspicious macros, especially ones fitting the Melissa profile of "Important message from .."

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matthew Nelson

PC World

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?