SlideShare ist ein Scribd-Unternehmen logo

Melissa Virus

Als PPTX, PDF herunterladen
Minh Nguyen
Minh Nguyen

When I say examine further the body of Melissa, I mean... the virus, not the stripper. I don't have footage aboot her. ^^

Technologie
1 von 19
Melissa Virus MINH NGUYEN UNIVERSITY OF MISSOURI - COLUMBIA 1
Contents  1. Melissa and its outbreak…....……………………………………………..Slide 3.  2. Examine the body of Melissa……………………………………………..Slide 6.  3. How Melissa hides its activities……………………………………………Slide 13.  4. Dealing with Melissa……………………………………………………......Slide 14.  5. Trivia……………………………………………………………………………Slide 15.  6. Appendix……………………………………………………………………..Slide 16.  7. References……………………………………………………………………Slide 17. 2
1. Melissa virus and its outbreak  A perfect example of the combination of booty and brain.  Imagine that you mix a stripper with a hacker, then you will have the first successful email-aware macro virus that is considered as one of the most destructive of all time.[1] 3
 The Melissa virus or W97M.Melissa.A, also known as W97M.Mailissa, Kwyjibo, or Simpsons, is a macro virus. It was written in Visual Basic by David L. Smith a.k.a. Kwyjibo from New Jersey.[2][3]  It infects a Microsoft Word 97 or Word 2000 document by adding a new macro module named Melissa and spreads among Microsoft Outlook users.[4] The virus only works with Outlook, not Outlook Express.[2]  It has an “additional feature of being able to get around quickly”.[5] The virus was announced to have infected up to 20% of computers worldwide,[6] and the estimated damage was reported $1.1 billion.[7]  Smith wrote this just to impress the stripper he had met in Florida, her name is Melissa. However, he never thought it would cause such that havoc.[1] 4
Outbreak  Melissa was put in the wild in around March 26, 1999. It started as an infected file “list.doc” that was posted up on “alt.sex” newsgroup, claiming to be a list of usernames and passwords for 80 pornographic sites that require memberships.[2]  Once executed (when macros were enabled), the original version of Melissa opens Outlook and sends itself to the first 50 addresses in the address book. If Internet access or Outlook were not available, it would still infect other word documents.[8][7]  Actually, Melissa did not do too much damage to infected user’s PC. However, its mechanisms caused Denial of Service (DOS) attacks to organizations’ network system that relied on MS Outlook as their email client such as Microsoft, Intel, and many more.[8][6] Several major corporations had to shut down their mail servers as they became overloaded with messages created by the virus.[5] 5
2. Examine the body of Melissa  The subject of the email is "Important Message From <Username>“, where “Username” is taken from MS Word setting. The body of the message is "Here is that document you asked for ... don't show anyone else ;-)". The attachment is usually “list.doc”.[2][4] 6
7
Behaviors  When an infected document is opened, Melissa checks if the Microsoft Office registry entry "HKEY_CURRENT_USERSoftwareMicrosoftOffice" has a subdirectory named "Melissa?" exists with "... by Kwyjibo" set as its value. If the value was set, meaning this computer had been infected before, the virus would not do anything. If the value was not set, its primary payload would start the infection and then set the value.[4] 8
9
 In a small percentage of cases (when the day of the month equals the minute value), the second payload of Melissa will insert the following sentence at the current cursor position:[2]  The quote is from Bart of “The Simpsons” cartoon show, who invents the word Kwyjibo to describe a North American ape or his father Homer in a Scrabble-playing episode.[5] 10
 The macro then infects the NORMAL.DOT template file. By default, all Word documents utilize this template; thus, any other opened Word document could be infected.[8]  If users send these infected documents to other people, they indirectly lend Melissa a hand in propagating it. 11
12
3. How Melissa hides its activities  Similar to most macro viruses, this virus tries to hide its activities by disabling the following menu items: + Tools-Macro in MS Word 97: By disabling this menu command, the virus prevents any user from listing the macro / VBA module in MS Word 97 to manually check for infection. + Macro-Security in MS Word 2000: By disabling this menu command, it prevents the user from changing the security level in MS Word 2000.[4] 13
 To hide its infection activities, it also disables the following options in MS Word 97: · Prompt to save Normal template · Confirm conversion at Open · Macro virus protection  With these options disabled, MS Word 97 does not warn or prompt while saving the NORMAL.DOT or while opening a document with macros in it.[4] 14
4. Dealing with Melissa  Melissa is not too hard to detect for Anti-Virus (AV) corporations. However, its propagation speed was extremely quick, can be counted by hour. It had caused a huge havoc before AV corporations jumped in. In some cases, the infected files could not be restored to their original.[9]  Melissa causes changes in template file; therefore, AV software could use checksum method to detect it.[9] Microsoft also came up with a free tool to clean up an infected mail database.[10]  Melissa depends on user’s action to activate; thus, it could be avoided. There are several ways to deal with this bad girl such as: + Learn its signatures to avoid mis-opening the infected file. + Configuring mail system to filter out messages that may contain Melissa. + Disable macros. + Scan the whole system with up-to-date AV.[2][4][8] 15
5. Trivia  The file “list.doc” was uploaded using a stolen AOL account. Within a week of the outbreak, with the help of AOL, Inc., New Jersey police and FBI agents tracked the original file through the hijacked AOL account to Smith.[11][2]  On December 10, 1999, Smith pleaded guilty. However, he agreed to cooperate with the FBI in capturing other virus creators. For his cooperation, he served only 20 months and paid a fine of $5000 of his 10-year sentence.[11]  Some notorious victims of this commitment were Jan de Wit a.k.a. OnTheFly (creator of Anna Kournikova virus and others, arrested in 2001) and Simon Vallor (creator of Gokar virus and others, arrested in 2002).[12]  In return for his services, the FBI paid for Smith's rent, insurance, and utilities, total over $12,000.[12] 16
6. Appendix  The full source code of Melissa virus can be found at: http://www.cs.miami.edu/~burt/learning/Csc521.061/notes/melissa.txt University of Miami.[14] Note: You need to turn off your Anti-Virus in order to view this file. Don’t worry about the virus because it cannot infect the latest MS Word and Outlook.  A short video of how Melissa works can be found on YouTube at: https://www.youtube.com/watch?v=iBGIUd9niXc Uploaded by danooct1.[13] Subscribe his channel for more videos about viruses. 17
7. References  [1] phaneendra. Top 10 Worst PC Virus Outbreaks. List Crux.  [2] Margaret Rouse. Melissa Virus. Tech Target.  [3] Kevin Poulsen. Justice Mysteriously Delayed for ‘Melissa’ Author. The Register.  [4] Raul K. Elnitiarta. W97M.Melissa.A. Symantec Corporation.  [5] Melissa Virus Goes Global. BBC News.  [6] Top Ten Most Destructive Computer Viruses of All Time. Crunkish.  [7] Craig Fosnock. Computer Worms: Past, Present, and Future. East Carolina University.  [8] Melissa Macro Virus. Carnegie Mellon University.  [9] Peter Szor. The Art of Computer Virus Research and Defense. Symantec Corporation.  [10] Virus: W32/Melissa. F-Secure Corporation.  [11] Azwan Jamaluddin. 10 Most Destructive Computer Viruses. Hongkiat.  [12] Court Documents Reveal That Melissa's Author Helped Authorities Catch Other Virus Writers. Sophos Ltd.  [13] Full Source Code of Melissa Virus. University of Miami. (Turn off Anti-Virus to view).  [14] danooct1, Virus.MSWord.Melissa. YouTube. 18
THANK YOU FOR YOUR ATTENTION !!! 19

Empfohlen

Melissa Virus
Melissa VirusMelissa Virus
Melissa Virus
CpavtsJoshA
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
Ammy Vijay
 
Malware
MalwareMalware
Malware
Tuhin_Das
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Cyber Attack Analysis
Cyber Attack AnalysisCyber Attack Analysis
Cyber Attack Analysis
codefortomorrow
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
PriSim
 
List of Malwares
List of MalwaresList of Malwares
List of Malwares
Vishalya Dulam
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
PRANJAL SAIKIA
 

Empfohlen

Melissa Virus
Melissa VirusMelissa Virus
Melissa Virus
CpavtsJoshA
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
Ammy Vijay
 
Malware
MalwareMalware
Malware
Tuhin_Das
 
Malicious
MaliciousMalicious
Malicious
Khyati Rajput
 
Cyber Attack Analysis
Cyber Attack AnalysisCyber Attack Analysis
Cyber Attack Analysis
codefortomorrow
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
PriSim
 
List of Malwares
List of MalwaresList of Malwares
List of Malwares
Vishalya Dulam
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
PRANJAL SAIKIA
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Muhammad Osama Khalid
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
INFONAUTICS GmbH
 
Types of malware
Types of malwareTypes of malware
Types of malware
techexpert2345
 
Akash final-year-project report
Akash final-year-project reportAkash final-year-project report
Akash final-year-project report
Akash Rajguru
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Maryam Hidayatallah CPFA,MIPA,MA,CICA
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
Amr Thabet
 
Virus and worms
Virus and wormsVirus and worms
Virus and worms
Vikas Sharma
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
hazirma
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virus
Kriti kohli
 
Ransomware
RansomwareRansomware
Ransomware
Chaitali Sharma
 
Computer virus
Computer virusComputer virus
Computer virus
Mark Anthony Maranga
 
Bluetooth Hacking
Bluetooth HackingBluetooth Hacking
Bluetooth Hacking
Binghamton University
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Future
amiable_indian
 
Computer virus
Computer virusComputer virus
Computer virus
arif srk
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer
FCA - Future Chartered Accountants
 
Computer virus
Computer virusComputer virus
Computer virus
Walden University
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
shusrusha
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Report
rawaabdullah
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's types
Aakash Baloch
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurance
bdemchak
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
100701982
 
COMPUTER VIRUSES AND WORMS.pdf
COMPUTER VIRUSES AND WORMS.pdfCOMPUTER VIRUSES AND WORMS.pdf
COMPUTER VIRUSES AND WORMS.pdf
Mahmud Hasan Tanvir
 

Weitere ähnliche Inhalte

Was ist angesagt?

4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
hazirma
 

Was ist angesagt? (20)

Cyber crime
Cyber crimeCyber crime
Cyber crime
 
How To Protect From Malware
How To Protect From MalwareHow To Protect From Malware
How To Protect From Malware
 
Types of malware
Types of malwareTypes of malware
Types of malware
 
Akash final-year-project report
Akash final-year-project reportAkash final-year-project report
Akash final-year-project report
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Stuxnet - Case Study
Stuxnet - Case StudyStuxnet - Case Study
Stuxnet - Case Study
 
Virus and worms
Virus and wormsVirus and worms
Virus and worms
 
4.2.1 computer security risks
4.2.1 computer security risks4.2.1 computer security risks
4.2.1 computer security risks
 
What is a computer virus
What is a computer virusWhat is a computer virus
What is a computer virus
 
Ransomware
RansomwareRansomware
Ransomware
 
Computer virus
Computer virusComputer virus
Computer virus
 
Bluetooth Hacking
Bluetooth HackingBluetooth Hacking
Bluetooth Hacking
 
IDS - Fact, Challenges and Future
IDS - Fact, Challenges and FutureIDS - Fact, Challenges and Future
IDS - Fact, Challenges and Future
 
Computer virus
Computer virusComputer virus
Computer virus
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer
 
Computer virus
Computer virusComputer virus
Computer virus
 
Counter Measures Of Virus
Counter Measures Of VirusCounter Measures Of Virus
Counter Measures Of Virus
 
computer virus Report
computer virus Reportcomputer virus Report
computer virus Report
 
Malware and it's types
Malware and it's typesMalware and it's types
Malware and it's types
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurance
 

Ähnlich wie Melissa Virus

Data loss causes and its threats
Data loss causes and its threatsData loss causes and its threats
Data loss causes and its threats
Remo Software
 
New Wordpad Document
New Wordpad DocumentNew Wordpad Document
New Wordpad Document
shoib_245
 
Threats of Computer System and its Prevention
Threats of Computer System and its PreventionThreats of Computer System and its Prevention
Threats of Computer System and its Prevention
Universitas Pembangunan Panca Budi
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
Joy Chakraborty
 
External threats to information system: Malicious software and computer crimes
External threats to information system: Malicious software and computer crimesExternal threats to information system: Malicious software and computer crimes
External threats to information system: Malicious software and computer crimes
Souman Guha
 
Computer virus
Computer virusComputer virus
Computer virus
omroyal
 

Ähnlich wie Melissa Virus (20)

Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 
COMPUTER VIRUSES AND WORMS.pdf
COMPUTER VIRUSES AND WORMS.pdfCOMPUTER VIRUSES AND WORMS.pdf
COMPUTER VIRUSES AND WORMS.pdf
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURES
 
Data loss causes and its threats
Data loss causes and its threatsData loss causes and its threats
Data loss causes and its threats
 
Viruses
VirusesViruses
Viruses
 
New Wordpad Document
New Wordpad DocumentNew Wordpad Document
New Wordpad Document
 
Threats of Computer System and its Prevention
Threats of Computer System and its PreventionThreats of Computer System and its Prevention
Threats of Computer System and its Prevention
 
PPT on information technology laws description
PPT on information technology laws descriptionPPT on information technology laws description
PPT on information technology laws description
 
What is a virus and anti virus
What is a virus and anti virusWhat is a virus and anti virus
What is a virus and anti virus
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
External threats to information system: Malicious software and computer crimes
External threats to information system: Malicious software and computer crimesExternal threats to information system: Malicious software and computer crimes
External threats to information system: Malicious software and computer crimes
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 
Virus
VirusVirus
Virus
 
Computer viruses and its prevention
Computer viruses and its preventionComputer viruses and its prevention
Computer viruses and its prevention
 
INFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptxINFORMATION AND COMPUTER SECURITY.pptx
INFORMATION AND COMPUTER SECURITY.pptx
 
Senior seminar virus
Senior seminar virusSenior seminar virus
Senior seminar virus
 
Computer virus and worms
Computer virus and wormsComputer virus and worms
Computer virus and worms
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer Virus
Computer VirusComputer Virus
Computer Virus
 

Kürzlich hochgeladen

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 

Melissa Virus

  • 1. Melissa Virus MINH NGUYEN UNIVERSITY OF MISSOURI - COLUMBIA 1
  • 2. Contents  1. Melissa and its outbreak…....……………………………………………..Slide 3.  2. Examine the body of Melissa……………………………………………..Slide 6.  3. How Melissa hides its activities……………………………………………Slide 13.  4. Dealing with Melissa……………………………………………………......Slide 14.  5. Trivia……………………………………………………………………………Slide 15.  6. Appendix……………………………………………………………………..Slide 16.  7. References……………………………………………………………………Slide 17. 2
  • 3. 1. Melissa virus and its outbreak  A perfect example of the combination of booty and brain.  Imagine that you mix a stripper with a hacker, then you will have the first successful email-aware macro virus that is considered as one of the most destructive of all time.[1] 3
  • 4.  The Melissa virus or W97M.Melissa.A, also known as W97M.Mailissa, Kwyjibo, or Simpsons, is a macro virus. It was written in Visual Basic by David L. Smith a.k.a. Kwyjibo from New Jersey.[2][3]  It infects a Microsoft Word 97 or Word 2000 document by adding a new macro module named Melissa and spreads among Microsoft Outlook users.[4] The virus only works with Outlook, not Outlook Express.[2]  It has an “additional feature of being able to get around quickly”.[5] The virus was announced to have infected up to 20% of computers worldwide,[6] and the estimated damage was reported $1.1 billion.[7]  Smith wrote this just to impress the stripper he had met in Florida, her name is Melissa. However, he never thought it would cause such that havoc.[1] 4
  • 5. Outbreak  Melissa was put in the wild in around March 26, 1999. It started as an infected file “list.doc” that was posted up on “alt.sex” newsgroup, claiming to be a list of usernames and passwords for 80 pornographic sites that require memberships.[2]  Once executed (when macros were enabled), the original version of Melissa opens Outlook and sends itself to the first 50 addresses in the address book. If Internet access or Outlook were not available, it would still infect other word documents.[8][7]  Actually, Melissa did not do too much damage to infected user’s PC. However, its mechanisms caused Denial of Service (DOS) attacks to organizations’ network system that relied on MS Outlook as their email client such as Microsoft, Intel, and many more.[8][6] Several major corporations had to shut down their mail servers as they became overloaded with messages created by the virus.[5] 5
  • 6. 2. Examine the body of Melissa  The subject of the email is "Important Message From <Username>“, where “Username” is taken from MS Word setting. The body of the message is "Here is that document you asked for ... don't show anyone else ;-)". The attachment is usually “list.doc”.[2][4] 6
  • 7. 7
  • 8. Behaviors  When an infected document is opened, Melissa checks if the Microsoft Office registry entry "HKEY_CURRENT_USERSoftwareMicrosoftOffice" has a subdirectory named "Melissa?" exists with "... by Kwyjibo" set as its value. If the value was set, meaning this computer had been infected before, the virus would not do anything. If the value was not set, its primary payload would start the infection and then set the value.[4] 8
  • 9. 9
  • 10.  In a small percentage of cases (when the day of the month equals the minute value), the second payload of Melissa will insert the following sentence at the current cursor position:[2]  The quote is from Bart of “The Simpsons” cartoon show, who invents the word Kwyjibo to describe a North American ape or his father Homer in a Scrabble-playing episode.[5] 10
  • 11.  The macro then infects the NORMAL.DOT template file. By default, all Word documents utilize this template; thus, any other opened Word document could be infected.[8]  If users send these infected documents to other people, they indirectly lend Melissa a hand in propagating it. 11
  • 12. 12
  • 13. 3. How Melissa hides its activities  Similar to most macro viruses, this virus tries to hide its activities by disabling the following menu items: + Tools-Macro in MS Word 97: By disabling this menu command, the virus prevents any user from listing the macro / VBA module in MS Word 97 to manually check for infection. + Macro-Security in MS Word 2000: By disabling this menu command, it prevents the user from changing the security level in MS Word 2000.[4] 13
  • 14.  To hide its infection activities, it also disables the following options in MS Word 97: · Prompt to save Normal template · Confirm conversion at Open · Macro virus protection  With these options disabled, MS Word 97 does not warn or prompt while saving the NORMAL.DOT or while opening a document with macros in it.[4] 14
  • 15. 4. Dealing with Melissa  Melissa is not too hard to detect for Anti-Virus (AV) corporations. However, its propagation speed was extremely quick, can be counted by hour. It had caused a huge havoc before AV corporations jumped in. In some cases, the infected files could not be restored to their original.[9]  Melissa causes changes in template file; therefore, AV software could use checksum method to detect it.[9] Microsoft also came up with a free tool to clean up an infected mail database.[10]  Melissa depends on user’s action to activate; thus, it could be avoided. There are several ways to deal with this bad girl such as: + Learn its signatures to avoid mis-opening the infected file. + Configuring mail system to filter out messages that may contain Melissa. + Disable macros. + Scan the whole system with up-to-date AV.[2][4][8] 15
  • 16. 5. Trivia  The file “list.doc” was uploaded using a stolen AOL account. Within a week of the outbreak, with the help of AOL, Inc., New Jersey police and FBI agents tracked the original file through the hijacked AOL account to Smith.[11][2]  On December 10, 1999, Smith pleaded guilty. However, he agreed to cooperate with the FBI in capturing other virus creators. For his cooperation, he served only 20 months and paid a fine of $5000 of his 10-year sentence.[11]  Some notorious victims of this commitment were Jan de Wit a.k.a. OnTheFly (creator of Anna Kournikova virus and others, arrested in 2001) and Simon Vallor (creator of Gokar virus and others, arrested in 2002).[12]  In return for his services, the FBI paid for Smith's rent, insurance, and utilities, total over $12,000.[12] 16
  • 17. 6. Appendix  The full source code of Melissa virus can be found at: http://www.cs.miami.edu/~burt/learning/Csc521.061/notes/melissa.txt University of Miami.[14] Note: You need to turn off your Anti-Virus in order to view this file. Don’t worry about the virus because it cannot infect the latest MS Word and Outlook.  A short video of how Melissa works can be found on YouTube at: https://www.youtube.com/watch?v=iBGIUd9niXc Uploaded by danooct1.[13] Subscribe his channel for more videos about viruses. 17
  • 18. 7. References  [1] phaneendra. Top 10 Worst PC Virus Outbreaks. List Crux.  [2] Margaret Rouse. Melissa Virus. Tech Target.  [3] Kevin Poulsen. Justice Mysteriously Delayed for ‘Melissa’ Author. The Register.  [4] Raul K. Elnitiarta. W97M.Melissa.A. Symantec Corporation.  [5] Melissa Virus Goes Global. BBC News.  [6] Top Ten Most Destructive Computer Viruses of All Time. Crunkish.  [7] Craig Fosnock. Computer Worms: Past, Present, and Future. East Carolina University.  [8] Melissa Macro Virus. Carnegie Mellon University.  [9] Peter Szor. The Art of Computer Virus Research and Defense. Symantec Corporation.  [10] Virus: W32/Melissa. F-Secure Corporation.  [11] Azwan Jamaluddin. 10 Most Destructive Computer Viruses. Hongkiat.  [12] Court Documents Reveal That Melissa's Author Helped Authorities Catch Other Virus Writers. Sophos Ltd.  [13] Full Source Code of Melissa Virus. University of Miami. (Turn off Anti-Virus to view).  [14] danooct1, Virus.MSWord.Melissa. YouTube. 18
  • 19. THANK YOU FOR YOUR ATTENTION !!! 19