A dangerous variant of the Melissa virus, called Melissa.w, has been detected by anti-virus experts. Melissa had created havoc nine months ago. This new variant has already been sent to at least three major British banks and is spreading rapidly to other businesses. Like the original nine-month-old Melissa virus, Melissa.w is dangerous. It replicates by e-mailing copies of itself to the first 50 addresses listed in the MS Outlook address book on any machine it infects. The subect line of these messages reads- Message from <username> with the text of the body reading " This document is very important and you've got to read this !!!". When the infected document is opened, the virus disables protection security settings, conversion confirmation and recently opened file list. The hard part is later, on Christmas day, when the virus attempts to format the hard drives of infected computers. It is yet unknown whether the virus does this only if it is infected on Christmas or if the virus lies dormant. Antivirus experts at Network Associates (of McAfee fame) say that it will not reformat Windows NT computers, but will destroy Windows 95 and Windows 98 machines the first time they are restarted following infection. A small crumb of comfort is that it displays an error message before formatting the disk, reading: "(C) 1999 - CyberNET Vine... Vide... Vice...Moslem Power Never End... You Dare Rise Against Me... The Human Era is Over, The CyberNET Era Has Come!!! [OK]" . It also overlays several coloured shapes onto the open document and overwrites the autoexec.bat file, formats the C drive before displaying the above message. Network Associates has released patches for its VirusScan which is available at http://vil.nai.com/vil/vm10441.asp. Symantec, the makers of Norton AntiVirus (NAV), which calls this virus the W97M.Prilissa.A, has announced that users of NAV are automatically protected against this virus, by virtue of its heuristic technology. The company has posted the cure on its website at www.symantec.com/avcenter/download.html and also through its live update facility. Antivirus experts said the infection highlights the vulnerability of Microsoft Word 97 to VBA macro viruses. NAI warned that Word 97 does flag the presence of a macro when a user opens a Melissa.w-infected document, but many users ignore the warnings or turn them off because many documents contain harmless macros.
also see : An update on viruses And they keep coming back More virus scares Beware of email trojan in Microsoft garb http://vil.nai.com/vil/vm10441.asp Yet another virus
|