Security Experts Worry About Impact of E-Mail Virus

Computer virus experts are warning users of Microsoft Word to disable the programs macro feature to help stop the spread of a new computer virus discovered late Friday which they are afraid will overload mail servers across the Internet over the coming days, resulting in slower e-mail delivery.

Named “Melissa,” the Word 97 and Word 2000 macro virus began propagating via e-mail attachments late Friday. Carnegie Mellon University’s Computer Emergency Response Team put out an advisory on the virus Saturday with a detailed description and steps users can take to avoid being affected.

CERT described the virus attack as widespread, saying it had already affected a number of sites. The virus is most commonly being spread in e-mails with the subject “Important Message From” followed by the e-mail message of the sender. The body says “Here is that document you asked for… don’t show it to anyone else :)”

When a user opens an infected document, the virus first looks to see if any Word 98 or Word 2000 macros are enabled. When it executes, the virus changes the security settings in Microsoft Word, allowing all macros to run when any documents are opened in the future. That allows the virus to be executed with no warning.

The virus spreads by looking into a user’s e-mail address book and sending the infected message to the first 50 people on it. That has CERT and system administrators fearing the virus will load down mail servers. However, CERT was quick to point out the virus apparently does no damage to a computer’s files. CERT also said it does not place any damaging information in the computer’s memory.

The organization said it has already received complaints from system administrators who say the virus has slowed down their mail servers.

CERT said most virus scanners will detect and clean the virus.