A decade of viruses: Melissa turns 10

Ten years ago today, virus writer David Smith unleashed Melissa, a worm that changed the security landscape.

Allegedly named after a lap dancer Smith met in Florida, the Melissa virus sent an infected e-mail entitled "Here is that document you asked for ... don't show anyone else;-)" . The virus sent copies of itself through Microsoft Outlook to the first 50 e-mail addresses on each victim's mailing list.

The worm quickly spread around the world, overloading e-mail servers and preventing many businesses from using e-mail. According to Wikipedia, companies such as Microsoft, Intel, Lockheed Martin and Lucent Technologies were forced to shut down their e-mail gateways due to the vast amount of e-mail the virus was generating.

Melissa caused £55m of damage. Smith was imprisoned for 20 months  and fined $5,000.

Antivirus gateway service MessageLabs, now owned by Symantec, was one of the first services to spot the attack. "Melissa was the virus equivalent of the supermodels from the 1990s, known by one name and iconic within the industry," said Alex Shipp, senior director, emerging anti-malware technologies for MessageLabs services.

Shipp said Melissa was the first mass-mailing virus that succeeded. "The social engineering side of it was good, due to the sex angle which lured people in."

Melissa was a big wake-up call for the anti-virus industry. "Before Melissa, we updated patches once a day. Luckily it first struck in the US and we had our signatures in place by the time Melissa came to the UK. However, we realised we needed to put in place automatic updates to install virus signatures every five minutes."

This became a turning point for MessageLabs, according to Shipp. "MessageLabs took off because of the fall-out from Melissa. Before Melissa, anti-virus companies told big scare stories about viruses; after Melissa, viruses became mainstream."

MessageLabs realised that signature-based anti-virus protection would be inappropriate if a virus attack occurred before a signature file could be created. "We decided to focus on heuristic analysis instead of signature-based anti-virus. Our first major virus with heuristic analysis was Love Bug in 2000."