As its name implies, a macro virus consists of macro code embedded within a single prompt, command or application. When invoked, the virus executes a specific set of instructions. The Melissa virus had two (2) purposes: to disable or corrupt native security features in Microsoft (MS) Word 97 and 2000, and to crawl a user’s Outlook email account, duplicating and sending itself to fifty (50) contacts in their address book. While the Melissa virus did not work on Outlook Express or any other email client, it spread exponentially and rapidly caused the United States Department of Defense (DOD), the United Kingdom Ministry of Defense, and a number of corporations (including Microsoft) to pull their email servers offline.
Smith, a native of New Jersey, distributed the Melissa virus through an online newsgroup called “alt.sex” on March 26, 1999. Thereafter, the subject line of the email containing the Melissa virus would read “Important Message from [name]”—where [name] was a placeholder for the name of the last recipient to be infected. The email’s text read “Here is that document you asked for…don’t show anyone else ;-).” The document referenced was an attachment named “List.doc.” Once clicked, the virus would check for the existence of a sub-directory named “Melissa?” in the Microsoft Office registry key. If not found, the replicating process would begin, and emails would be sent to the first fifty (50) contacts in Outlook’s Global Address List (GAL).
HKEY_CURRENT_USER\Software\Microsoft\Office\"Melissa?"="…by Kwyjibo."
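The subject line, body text and attachment name quoted above are the kind of traits a mail gateway can match on. The following is an added example, not code from the original article or from any product: a small Python filter that checks a raw message for those three traits and returns a handling decision. The function names, the verdict labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Traits quoted in the article; matching is case-insensitive.
SUBJECT_PREFIX = "important message from"
BODY_PHRASE = "here is that document you asked for"
ATTACHMENT_NAME = "list.doc"

def melissa_indicators(raw_message):
    """Return which of the three Melissa traits appear in one raw message."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower().startswith(SUBJECT_PREFIX):
        hits.append("subject")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content().lower() if body_part else ""
    if BODY_PHRASE in body:
        hits.append("body")
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    if ATTACHMENT_NAME in names:
        hits.append("attachment")
    return hits

def verdict(raw_message):
    """Quarantine when the attachment name is backed by a text trait."""
    hits = melissa_indicators(raw_message)
    if "attachment" in hits and len(hits) >= 2:
        return "quarantine"
    return "review" if hits else "deliver"

def build_sample(subject, body, attachment=None):
    """Construct a test message; addresses and payload bytes are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.com", "bob@example.com"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder, not a real document",
                         maintype="application", subtype="msword",
                         filename=attachment)
    return m.as_string()

# Constructed samples: one carrying all three traits, one ordinary message.
SUSPECT = build_sample("Important Message from Alice Example",
                       "Here is that document you asked for...don't show anyone else ;-)",
                       "List.doc")
BENIGN = build_sample("Quarterly numbers", "Draft attached.", "report.doc")

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, melissa_indicators(raw), verdict(raw))
```

A single trait on its own only earns a "review" verdict, because a file named List.doc or a subject beginning "Important Message from" can occur in legitimate mail.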
It was later determined that Kwyjibo was one of David L. Smith’s aliases: VicodinES and Alt-F11 were believed to be others. A common rule for using email is to never open a message or attachment from anyone you don’t know. The macros in the Melissa virus were ingenious in that they compromised an infected machine’s contact list, thereby undermining the intelligence of countless email users. This prompted the DOD and many other private organizations to add scanning prerequisites to their file accessing policies. It also led to use, training and exclusion policies—the latter mandating users to have anti-virus (AV) software protection prior to accessing networks.
The DOD’s Computer Emergency Response Team (CERT) would eventually develop a fix for the Melissa virus, which caused an estimated $80 million in damage to computers and email servers worldwide. Cooperative efforts by the FBI, New Jersey State Police, a Swedish computer scientist and a Monmouth County, NJ internet service provider (ISP) led to Smith’s conviction. Although he could have served ten (10) years in federal prison, his guilty plea and offer to assist the FBI in catching other cyber criminals saw his sentence reduced to twenty (20) months, a $5,000 fine and one hundred (100) hours of community service, which was applied to his cooperation with the FBI.
But Smith was also convicted of other computer crimes by the State of New Jersey, which saw him fined an additional $100,000 and ordered to serve up to fifty-seven (57) months: twenty (20) of those months would be served concurrently with his federal sentencing at Fort Dix, New Jersey. During this time, Smith reportedly helped the FBI track down Jan de Wit, author of the Anna Kournikova virus, and Simon Vallor of Wales, author of three (3) mass-mailing viruses known as Gokar, Admirer, and Redesi.