Melissa variant lifts its ugly head

Computer virus watchers are warning of a variant of the infamous Melissa virus that slips by detection software because of an altered file format.

McAfee, a division of Network Associates Inc., said on Thursday that it has received 20 reports of the virus, dubbed “Melissa.w”, striking in the last 48 hours. Hits have been reported in both Europe and the United States.

McAfee has rated this variant of Melissa as a “low to medium risk,” which means it is not yet viewed as being as threatening as the original version of the virus, which is still rated “high risk.”

“It’s exactly the same source as the original Melissa virus, only the file format has changed,” said Patrick Nolan, virus researcher at McAfee Avert, Network Associates’ virus research center.

Nolan said the format changed because somebody with an infected system forwarded a document in Microsoft Corp.’s new Word 2001 format. “It is possible that the virus is not detected; the binary storage of macros is slightly different (in the new file format),” he explained.

Melissa was first discovered in March 1999. The virus quickly spread by forwarding itself using the address book of Microsoft Corp.’s Outlook e-mail program installed on the victim’s computer. The variant spreads in exactly the same way.

Nolan said the virus affects systems running Windows or Apple Computer Inc.’s Macintosh operating system and Office 97, Word 98, Office 2000 or Office 2001.

Melissa.w arrives at a user’s computer in an e-mail with the subject line “Important Message From,” and ” Here is that document you asked for … don’t show anyone else ;-),” in the body of the message, just like the original Melissa.

In most instances reported to McAfee a file named “anniv.doc” was attached, said Nolan. The original virus was hidden in a document named “list.doc”. The virus is activated when the file is opened.

Network Associates, in Santa Clara, Calif., can be reached at