A virus that spreads a list of pornography sites via email hit computers over the weekend and threatened havoc Monday as workers return to offices and begin reading their email.
The virus, called "Melissa," comes in the form of a document that lists Web pornography sites.
Computer experts said the virus was aimed at widely used Microsoft Windows-based email and address book software, Outlook and Outlook Express, and it can send up to 50 additional versions of the email to other users, threatening a widespread infection of computer systems.
That could create a flood of unwanted emails around the Internet as the program perpetuates itself using pre-programmed "macros," software embedded in the Windows operating system that sets off complex computer functions with one command.
"It could grow explosively and shut down email systems as a side effect," said Eric Allman, co-founder of Sendmail, an Emeryville, California, provider of email services.
A number of leading software security firms and academic experts posted warnings about the email threat, including Network Associates, the leading anti-virus software maker.
"Melissa is widely reported and spreading quickly via mass email, a function of the viral infection," said Network Associates, based in Santa Clara, California.
Carnegie Mellon University's Software Engineering Institute issued an advisory that said, "The number and variety of reports we have received indicate that this is a widespread attack affecting a variety of sites."
The only damage the virus causes is that it replicates itself and creates a flood of email, though it apparently does not hurt the computer itself, experts said.
The real danger is that the virus will overwhelm the server computers that handle computer messaging systems, which could lead to system shutdowns as each email multiplies itself 50 times. Already, a wave of the emails has been sent out and awaits office workers Monday morning.
"It's not doing malicious things or removing files or anything like that," Allman said. "I've heard claims that it has been doing more but I haven't seen any substantial verification of that. It's really more of a wake-up call, that shows us how you could take a malicious virulent virus and reproduce it all over the place very quickly."
Computer experts warned users to be wary of documents sent from any senders asking them to open up a file for Microsoft Word. That file, in turn, asks for a prompt asking users whether they want to initiate a "macro," and requires users to approve its use. Those checkoffs make it relatively easy to avoid the problem.
Microsoft itself has simply warned users to "be careful about what runs on their machine," The New York Times reported. Carnegie Mellon said, "our analysis indicates that human action (in the form of a user opening an infected Word document) is required for this virus to activate."
The virus can be identified, Network Associates said, because it will read "Important Message From Application.UserName." The body of the text reads "Here is that document you asked for ... don't show anyone else" and contains a list of pornographic Web sites.
Melissa creates the following entry in the registry: HKEYCURRENTUSER/Software/Microsoft/Office/"Melissa?"
Network Security said that to avoid the risk of contracting the Melissa virus, "it is recommended that network administrators and users upgrade their anti-virus software to include detection and cleaning for W97M/Melissa."
Network Security posted information about the virus on the Web site of its Avert Labs division. Sendmail and Carnegie Mellon also posted advice on the Melissa problem.
Computer experts said if advisories were followed, the problem would probably not become a widespread worry.
"I suspect we'll see a day or two of extremely high email loads and then it will just die out, so in some sense this virus is not that critical but it's one that demonstrates what could happen if a truly malicious virus were released," Sendmail's Allman said. "The ability to spread something so broadly is scary."
Copyright© 1999 Reuters Limited.
