During the first half of October, several variants of the Melissa virus popped up. The new variants, which experts believe copycat programmers created, are built on the original Melissa virus code and are more destructive than the original virus. You might remember the original Melissa virus, which wreaked havoc on computers and computer users earlier this year when it first appeared on March 26. Melissa arrived as an email attachment, sent itself to other recipients in the Exchange or Outlook address book, and essentially shut down the user’s email capability. The Melissa.U virus arrives as an email entitled “Pictures” followed by the username, gleaned from the registration information of the local version of Word 97 or Word 2000. Some news sources refer to this technique as infiltration through social engineering. The body of the virus email message reads, “What’s up?” Melissa.U proceeds to mail itself to the first four addresses in the local version of Outlook’s address book, using the MAPI email client. The virus then unleashes its destructive payload: It uses the ATTRIB tool to find certain critical hidden, read-only files and delete them. The files that Melissa.U deletes are:
• c:\command.com
• c:\io.sys
• d:\command.com
• d:\io.sys
• c:\ntdetect.com
• c:\suhdlog.dat
• c:\ntdetect.com
• d:\suhdlog.dat
Another strain of Melissa, Melissa.V, is slightly different. When it arrives, Melissa.V sends an email message of itself to the first 40 addresses in the address book. The email message is entitled "My Pictures" followed by the registered username of the local copy of Word. The virus then attempts to delete all files and directories of the following drives, in this sequence: m:\, n:\, o:\, p:\, q:\, s:\, f:\, i:\, x:\, z:\, h:\, l:\. The virus opens a message box and tells the user to look in the Outlook inbox. The virus then creates a document and inserts the statement, "Hint: Get Norton 2000 and not McAfee 4.01." A week after the initial discovery of the Melissa variants, Symantec, the maker of Norton 2000, announced that it had discovered a new variant of Melissa.U, called Melissa.U (Gen 1). While the Melissa.U (Gen 1) infects local files with the original Melissa.U, it sends copies of the new Gen 1 variant. Virus protection against Melissa.U won't work against the new variant. Both Symantec and McAfee offer protection against Melissa.U and Melissa.V, although at the time of this article, only Symantec offered protection against Melissa.U (Gen 1).