Firms block e-mail as Melissa strikes again

Feature

Firms block e-mail as Melissa strikes again

The Melissa virus, which caused widespread damage in 1999, struck again this week, hitting more than 1,000 users and infecting at least 10 sites.

Bill Goodwin

A new version of the virus, originally written for the Macintosh, evaded commercial anti-virus software, catching both IT departments and anti-virus companies off-guard.

Melissa.W, which sends out 50 copies of itself to addresses stored on Microsoft Outlook, struck the UK last week, disrupting e-mail services in some companies.

"Two users opened the attachment and fired the virus off on Wednesday morning, creating a mail storm. We were here until 10pm putting file filters and sweeping the mail database to remove infected files," said an e-mail administrator at one large firm.

The virus struck the company again a day later, forcing its IT department to put a stop on e-mails with Word attachments for three hours, until anti-virus software could be updated.

Although Melissa.W generally caused only limited disruption, the attack has raised concerns that infected companies may be vulnerable to more damaging Macintosh viruses.

"There have been 10 other viruses in the Mac Office format. Anyone who can't detect this virus won't be able to detect those. If you exchange e-mails with people on a Mac, you need to be careful," said Graham Cluley, technical director at virus specialist Sophos.

Like the original, the virus can be recognised by the message "important message fromÉ" in the subject line and the message text "here is that document you asked for".

bill.goodwin@rbi.co.uk

What to do if hit by Melissa.W

  • Instruct staff not to open unexpected attachments, even if it is from someone they know

  • Investigate whether you need to upgrade your anti-virus scanning engines as well as adding the Melissa.W signature. Some engines are not able to detect Melissa.W

  • If you cannot upgrade the virus engine, consider blocking all e-mails with the subject line "important message from". Alternatively, your anti-virus software supplier might be able to supply a patch that will identify the virus from its file size or a check-sum calculation.

    Source: Sophos


  • Email Alerts

    Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    This was first published in January 2001

     

    COMMENTS powered by Disqus  //  Commenting policy