Melissa (computer worm)

Melissa (computer worm)

The Melissa worm, also known as "Mailissa", "Simpsons", "Kwyjibo", or "Kwejeebo", is a mass-mailing macro virus, hence leading some to classify it as a computer worm.


First found on March 26, 1999, Melissa shut down Internet mail systems that got clogged with infected e-mails propagating from the worm.Melissa was not originally designed for harm, but it overflowed servers and caused unplanned problemsFact|date=May 2008.

Melissa was first distributed in the Usenet discussion group The virus was inside a file called "List.DOC", which contained passwords that allow access into 80 pornographic websites. The worm's original form was sent via e-mail to many people.

Melissa was written by David L. Smith in Aberdeen Township, New Jersey, and named after a lap dancer he encountered in Florida. The creator of the virus called himself "Kwyjibo", but was shown to be identical to macrovirus writers "VicodinES" and "Alt-F11" who had several Word-files with the same characteristic Globally Unique Identifier (GUID), a serial number that was earlier generated with the network card MAC address as a component. Smith was sentenced to 20 months in a federal prison and fined $5,000 United States dollars. cite press release
title = Creator of Melissa Computer Virus Sentenced to 20 Months in Federal Prison
publisher = U.S. Department of Justice
date = 2002-05-01
url =
accessdate = 2006-08-30
] This arrest was a result of collaboration between the FBI, New Jersey State Police and Monmouth Internet.cite press release
title = Tracking Melissa's alter egos
publisher = ZDNet
date = 1999-4-02
url =

Worm specifications

Melissa can spread on word processors Microsoft Word 97 and Word 2000 and also Microsoft Excel 97, 2000 and 2003. It can mass-mail itself from e-mail client Microsoft Outlook 97 or Outlook 98.

If a Word document containing the virus, either LIST.DOC or another infected file, is downloaded and opened, then the macro in the document runs and attempts to mass mail itself.

When the macro mass-mails, it collects the first 50 entries from the alias list or address book, and sends it to the e-mail addresses of those names.


This variant also deletes critical files. Before deleting the files, it strips them of their archive, hidden, and read-only attributes.
* C:Suhdlog.dat
* D:Io.sys
* D:Suhdlog.dat


This is another variant of the original Melissa macro virus, and is akin to Melissa.U. It uses Microsoft Outlook, and tries to send itself to the first 40 addresses in Outlook's address book. The subject line of the infected e-mail sent out is: "My Pictures ()", where is the name to whom the sender's copy of Microsoft Word is registered.

There is also a variant of the virus named Melissa.V/E which is known to seek and destroy Microsoft Excel documents, randomly deleting sets of data from files, or, at the worst, making them completely useless by applying a set of malicious Macro code. To make the code more simple, the author has incripted only a vectorial search pattern in it, so the virus can only delete linear sets of data, usually random rows or colums in a table. It also has a search parameter that makes it go only for unique sets of data, known to cause more damage.

A later edit of this variant makes backup copies of the destroyed files, and asks for a ransom of $100 to be transferred into an offshore account in return for the files. The account has been traced back to the owner. Though, due to a malfunction in code, this only happens in less than 1% of cases, but the code still makes copies.

This virus was rendered obsolete when it was discovered that it leaves visible traces in the Windows Registry, providing enough data to ensure it's destruction, and the retrieval of stolen data.

A special version of this variant also modifies the backed-up data, fooling the user even more. It searches for numeric data inside the files, and then, with the help of a random number generator, it slightly modifies the data, not visible, but making it useless.

There is no body to the email, but there is an infected document attached. If this is opened, the payload is triggered immediately. It tries to delete data from the following (local or network) destinations: F:, H:, I:, L:, M:, N:, O:, P:, Q:, S:, X:, and Z:.

Once complete, it beeps three times and then shows a message box with the text: "Hint: Get Norton 2000 not McAfee 4.02".


This is the same as Melissa.A.


This is what the e-mails from this version contain: Subject: Extremely URGENT: To All E-Mail User - Attachment: Body: This announcement is for all E-MAIL user. Please take note that our E-Mail Server will down and we recommended you to read the document which attached with this E-Mail.

Melissa.AO's payload occurs at 10 a.m. on the 10th day of each month.The payload consists of the worm inserting the following string into the document: "Worm! Let's We Enjoy."

ee also

*Timeline of notable computer viruses and worms
* List of computer viruses
*Morris worm
*SQL slammer worm
*Code Red worm

Notes and references

ources/external links

* [ F-Secure Melissa Page]
* []
* [ Source Code of the Virus]

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Melissa (computer virus) — The Melissa virus, also known as Mailissa , Simpsons , Kwyjibo , or Kwejeebo , is a mass mailing macro virus. As it is not a standalone program, it is not a worm. Contents 1 History 2 David L. Smith 3 Virus specifications …   Wikipedia

  • Computer fraud — is the use of information technology to commit fraud. In the United States, computer fraud is specifically proscribed by the Computer Fraud and Abuse Act, which provides for jail time and fines. Contents 1 Notable incidents 2 See also 3 External… …   Wikipedia

  • Computer fraud case studies — BackgroundThe purpose of this page is to explore case studies in using Information Technology to commit fraud. Computer fraud is the act of using a computer to commit fraud (A deception deliberately practiced in order to secure unfair or unlawful …   Wikipedia

  • Computer crime — Computer crime, or cybercrime, refers to any crime that involves a computer and a network.[1] The computer may have been used in the commission of a crime, or it may be the target.[2] Netcrime refers to criminal exploitation of the Internet.[3]… …   Wikipedia

  • Timeline of computer viruses and worms — Contents 1 1960–1969 1.1 1966 2 1970–1979 2.1 1 …   Wikipedia

  • List of computer criminals — Hacker Adrian Lamo (left) with contemporaries Kevin Mitnick (center) and Kevin Poulsen …   Wikipedia

  • Timeline of computer security hacker history — This is a timeline of computer security hacker history. Hacking and system cracking appeared with the first electronic computers. Below are some important events in the history of hacking and cracking.1970s1971* John T. Draper (later nicknamed… …   Wikipedia

  • List of computer viruses (L–R) — This list is incomplete; you can help by expanding it. Name Alias(es) Type Subtype Isolation Date Isolation Origin Author Notes L1 …   Wikipedia

  • Timeline of notable computer viruses and worms — This is a timeline of noteworthy computer viruses and worms.1970 1979Early 1970s* Creeper virus was detected on ARPANET infecting the Tenex operating system. Creeper gained access independently through a modem and copied itself to the remote… …   Wikipedia

  • Хронология компьютерных вирусов и червей — Здесь приведён хронологический список появления некоторых известных компьютерных вирусов и червей, а также событий, оказавших серьёзное влияние на их развитие. Содержание 1 2012 2 2011 3 2010 4 2009 …   Википедия

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.