Melissa virus turning 10 ... (age of the stripper unknown)

By Paul McNamara on Tue, 03/24/09 - 12:46pm.

Somewhere out there in America is a stripper (or former stripper) who for 10 years has lived with the naked truth that she was David L. Smith's inspiration for naming the first widely destructive, self-propagating, network-paralyzing, e-mail-borne macro virus: W97M_Melissa.

When the 10th anniversary of Melissa's explosive debut occurs later this week, perhaps its namesake will celebrate her notoriety quietly with friends, family and/or her bigger tippers. Those IT professionals who had to deal with the fallout a decade ago are more likely to mutter an obscenity or two.

(Network World Panorama: Lessons Learned 10 Years After Melissa Virus)

It was Friday, March 26, 1999 when Melissa first began to bring corporate and government e-mail systems to their knees. By the time all was said and done, hundreds of networks would be temporarily crippled -- including those of Microsoft and the United States Marine Corps -- an untold number of e-mail users would be affected, and an overall damage figure of $80 million bandied about. As for Smith, he would be unmasked by an Internet sleuth, arrested at his brother's house in Eatontown, N.J., eventually plead guilty and be sentenced to 20 months of jailhouse lap dances.

"We've been swamped all day with customers calling in with this," a TrendMicro executive told CNET News that day. "It's spreading extremely quickly. Twenty major corporate sites have called us."

CERT issued an advisory and FAQ the next morning:

At approximately 2:00 PM GMT-5 on Friday March 26 1999 we began receiving reports of a Microsoft Word 97 and Word 2000 macro virus which is propagating via email attachments. The number and variety of reports we have received indicate that this is a widespread attack affecting a variety of sites.

Our analysis of this macro virus indicates that human action (in the form of a user opening an infected Word document) is required for this virus to propagate. It is possible that under some mailer configurations, a user might automatically open an infected document received in the form of an e-mail attachment.

Aimed exclusively at users of Microsoft Outlook and Exchange Server, Melissa hit inboxes carrying this subject line: "Here is that document you asked for . . . don't show anyone else ;-)" Attached was a Word document containing passwords for porn sites. Opening the file allowed Melissa to send copies of itself to the first 50 names in the recipient's address book.

By Sunday morning, Melissa's exploits were being reported worldwide as the Internet's fastest-spreading virus to date. Not only did this news and the inconvenience to users trample upon what was then a still immature public awareness of the Internet and its inner workings, it had experts dreading Monday's start of the work week. Sunday's New York Times reported:

Eric Allman, a co-founder of Sendmail, said he was concerned that the problem would worsen on Monday morning when employees find these messages in their E-mail in-boxes. "This will get into a lot of mail boxes and lay dormant," he said. "When employees come in at 8 A.M. and read these messages, it will cause an explosive growth of the virus."

Monday found network professionals indeed scrambling to control Melissa's damage, but the worst fears of some experts failed to be realized. I was in Dallas covering an Electronic Messaging Association conference from which a number of attendees had to excuse themselves in order to be at their workplaces to deal with the mess. From the Times:

Whoever the virus writer is, the work took its toll today. The Computer Emergency Response Team, a Pentagon-financed security service at Carnegie Mellon University, reported calls from 250 organizations indicating the virus had affected at least 100,000 workplace computers.

"We believe the number is probably higher than that," said Jeff Carpenter, a team leader for the group, but because of precautions taken by companies over the weekend, "we do think the problem has not been as bad today as we feared it might be."

By then the search for Melissa's author -- or authors -- was well under way both by legal authorities and Internet experts, one of whom -- Richard Smith, president of Phar Lap Software -- would coincidentally share the culprit's last name.

Although Mr. Smith usually spends his time designing software tools and operating systems, over the weekend he used programmers' tools to peer inside the document carrying the virus known as Melissa, which has wildly spread through the Internet in recent days.

Mr. Smith found indications that the virus is a work of a programmer -- or possibly a small group -- who wrote and distributed a similar program two years ago. Moreover, by searching the World Wide Web, he has found clues to the identity of the programmers and even more striking evidence that could lead the authorities to the computer on which the program was written.

David L. Smith, 30-year-old programmer and veteran virus writer, was arrested on April Fool's Day.

While his lawyer originally tried to characterize Melissa as closer to graffiti than cyberterrorism, Smith would eventually strike a plea bargain, which prompted this press-release comment from U.S. Attorney Christopher J. Christie: "Virus writers seem emboldened by technology and enjoy the thrill of watching the damage they reap. But the case of Mr. Smith and his Melissa virus should prove to others that it's a fool's game."

Ten years later and the fool's game continues as though David L. Smith had never met that stripper.
