The Melissa virus is a macro virus spread through a Microsoft Word 97 or Word 2000 e-mail attachment that, when opened, activates a macro through the Microsoft Outlook program and e-mails itself to the first fifty names in the address book of the infected computer. The message's subject line reads “Important Message from (name of someone you know)”, and the body begins “Here is that document you asked for ... don't show anyone else ;—”. 
What startled experts about this particular virus was its ability to propagate itself across a vast number of systems in the commercial, government, and military realms in a very short period of time. The Melissa virus used the Internet to spread rapidly and exploited a known weakness in the macro command language common to Microsoft applications. Many people had macro virus protection turned on, which protected their computers from becoming infected. In essence, when someone received the document containing Melissa, the virus protection feature would ask the user if they wished to open it. If the user said “no”, then Melissa would not be activated and not infect their computer. Because of this, many computers that were attacked did not become infected. The rapid distribution of the virus degraded or disrupted computer networks by means of sending more messages than e-mail systems could handle, which resulted in a denial of service on some networks, as they had to be shut down while the virus was eliminated from the system. Another serious concern with Melissa is that once it successfully entered a system, macro virus protection settings were disabled, thus making the system vulnerable to more damaging macro viruses that could now infect these systems without detection. There is a fear that these macro commands can be used to have the victim's computer send, by e-mail, sensitive or secret documents on the victim's hard drive to others without the knowledge of the victim. Further, the Melissa virus could be redesigned to erase or alter data, which could have disastrous effects on businesses, government agencies, and individuals.
Eleven years ago the Morris Worm was released onto the Internet, but at that time only 6,000 or so computers were affected, blunting the impact. Today millions of computers are hooked up to the Internet; the potential for damage just from the number of potential affected users is vast. The Melissa virus exploited a known weakness, but if a virus attacked computers attached to the Internet utilizing an unknown weakness, the results could be overwhelming. Commerce could be jeopardized, either because no information could be passed using the Internet or because information passed over the Internet might be considered unreliable. Many businesses now rely on the Internet as a primary or even sole carrier of information. If the Internet ceased to function, the consequent losses could ultimately be measured in tens of billions rather than millions of dollars. Viruses are a serious concern. There are an estimated 30,000 computer viruses in circulation, and about 300 new ones are created each month. Fortunately, in the spectrum of possible damage, the harm caused by the Melissa virus is serious but temporary. The virus does not cause the loss of data, but did affect tens of thousands of systems, resulting in a loss of productivity when the systems were shut down. For example, within the federal government, the Marine Corps was forced to halt its base-to-base e-mail system until the virus was contained.
One private sector company disclosed that its corporate computer network was battered by 32,000 e-mail messages in a 45-minute period, effectively shutting it down for legitimate uses. Numerous organizations were forced to cut their e-mail off from the outside world to insulate themselves. The virus was reported to have affected a total of 81,285 machines. As yet we have no hard estimates of the cumulative monetary damage resulting from the loss of productivity and other disruptions associated with the virus. What steps can be taken to protect federal and private sector systems?
There are several steps that can be taken to better protect our networks from such attacks. First, there are numerous virus protection software packages available on the market that can detect, clean, and attempt to predict suspicious program behavior. Updates can be obtained from the Internet on a continual basis. Users should be sure that their computers are running the most up-to-date virus protection software. Second, users need to be careful about what they take from the Internet and avoid being too hasty in opening attached files, both from known users and especially from users unknown to them. In the case of Melissa, the virus was activated only if the attachment was opened. These basic precautions could protect the user from viruses spread on the Internet. Finally, in order to protect the larger network community, system administrators should quickly report computer assaults and viruses to the appropriate government organizations. These entities can provide timely information to other users and take appropriate steps to protect the networks. Words:1,000We are fortunate that this virus did not do more damage than it did. Its occurrence serves as a wake-up call, for both the government and the private sector, regarding the threat from vicious viruses being spread over the Internet. There are several lessons to be learned from the Melissa virus. First, users need to be careful about attached files sent to them, especially, but not only, if the source of the file is in doubt. Second, users should be aware of the virus protection software that exists, and ensure that they have up-to-date virus protection on their systems, and are running the virus protection already built into their software packages. Finally, attacks such as Melissa demonstrate the need to formulate tough laws regarding computer crime. Because of the ease of writing and distributing destructive viruses, discouraging people from engaging in such conduct is the most effective method of prevention. Computer criminals who are intent on planting viruses such as Melissa need to know that justice will be swift, certain and severe.
