Historic Hacks – Melissa
In this historic hacks article, we’ll be taking a trip back to 1999, and looking at the Melissa macro virus, known as the first successful mass-mailing virus.
On the 26th March 1999, David L. Smith uploaded a Microsoft Word document to the alt.sex Usenet group with a macro hidden inside of it. The document was a list of passwords for pornographic websites that required membership. When the document was opened the hidden macro automatically executed allowing Melissa to spread.
The macro inside the document was designed to change a number of macro settings for Microsoft Word, and if the user had Microsoft Outlook installed (which normally came with Microsoft Word as part of the Microsoft Office suite) it would create a new email and send it to the first 50 people in the user’s address book. Spreading by sending email would only work with the Outlook application that came with Office, rather than the similarly named but unrelated Outlook Express client which came with the Microsoft Windows operating system.
The email had the subject line “Important Message From ” followed by a name, and the body text read “Here is that document you asked for…don’t show anyone else ;-)”. The attached file was named LIST.DOC. Clicking on the attachment in Outlook, or opening the attached document in Microsoft Word ran the macro, and the process would then repeat with the virus mailing itself on to that user’s contacts. If the number of minutes in the time matched the month then an extra easter-egg would run by writing out a quote from the Simpsons TV show at the current cursor position.
The Melissa virus made no attempts to damage the computer or delete any files. It was purely an attempt to flood mail servers with an excessive amount of email. To this end, it worked very well, with reports of 20% of the world’s computers having been infected and companies such as Microsoft blocking incoming email to their networks in attempts to slow it down. Its success was mostly due to the fact that users weren’t familiar with being skeptical of unsolicited emails, and with the email coming from a familiar person made it automatically trusted.
Who is David Smith?
David Smith was caught for releasing the Melissa virus, and in December 1999 and sentenced to 10 years in prison and fined $5,000. He was released after serving 20 months. In case you’re wondering, Melissa itself was named after a lap dancer he had met in Florida.
The legacy of the Melissa virus is in highlighting the dangers of trusting and running macros by default in the Microsoft Office applications. Macros were devised as a method by which users could automate repetitive tasks when working on documents, such as when preparing a document to mail-shot multiple people as used in Melissa’s case. They also appealed to virus writers who could do many of the things they would with an executable virus, but hide them in a document that users would assume was safe. The following years saw a number of similar mail spreading viruses such as the ILOVEYOU and Anna Kournikova viruses. Both spread far faster by emailing everyone in the user’s address book, rather than just the first 50, and were sent as VBS script file attachments which executed in Outlook rather than Word documents. While the Kournikova virus carried no malicious payload, the ILOVEYOU virus overwrote a number of files on the attacked system, potentially rendering systems unbootable.