Melissa (computer virus)

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

Description
The virus was released on March 26, 1999, by David L. Smith. Smith used a hijacked AOL account to post the virus onto an Internet newsgroup called "alt.sex." It soon ended up on similar sex groups and pornographic sites before spreading to corporate networks. However, the virus itself was credited to Kwyjibo, a macro virus writer for VicodinS and ALT-F11, by comparing Microsoft Word documents with the same globally unique identifier. This method was also used to trace the virus back to Smith.

The "list.doc" file contains a Visual Basic script that copies the infected file into a template file used by Word for custom settings and default macros. If the recipient opens the attachment, the infected file will be read to computer storage. The virus then creates an Outlook object, reads the first 50 names in each Outlook Global Address Book, and sends a copy of itself to the addresses read. Melissa works on Microsoft Word 97, Microsoft Word 2000 and Microsoft Outlook 97 or 98 email clients. Microsoft Outlook is not needed to receive the virus in email, but it is unable to spread via other emails without it.

A second payload occurred when the current minute matches the day when it is being launched, where the quote "Twenty-two points, plus triple-word-score, plus 50 points for using all my letters. Game's over. I'm outta here." is inserted into open Microsoft Word documents. This, and the Kwyjibo alias used in the macro script, both derive from an episode of The Simpsons, Bart the Genius.

Impact
The virus slowed down email systems due to overloading Microsoft Outlook and Microsoft Exchange servers with emails. Major organizations impacted included Microsoft, Intel Corp, and the United States Marine Corps. The Computer Emergency Response Team, a Pentagon-financed security service at Carnegie Mellon University, reported 250 organizations called regarding the virus, indicating at least 100,000 workplace computers were infected, although the number is believed to be higher. An estimated one million email accounts were hijacked by the virus. The virus was able to be contained within a few days, although it took longer to remove it from infected systems entirely. At the time, it was the fastest spreading email worm.

Arrest
On April 1, 1999, Smith was arrested in New Jersey due to a tip from AOL and a collaborative effort involving the FBI, the New Jersey State Police, Monmouth Internet, a Swedish computer scientist, and others. Smith was accused of causing US$80 million worth of damages by disrupting personal computers and computer networks in business and government.

On December 10, 1999, Smith pleaded guilty to a second-degree charge of computer theft and a federal charge of damaging a computer program due to releasing the virus.

On May 1, 2002, he was sentenced to 20 months in federal prison and fined USD $5,000.