Select your country

Not finding what you are looking for, select your country from our regional selector:


Legendary Hacks #2: Melissa, the Florida dancer

The Melissa virus

The Melissa virus appeared in 1999 and appears as a simple e-mail message with an attachment named "list.doc". The attachment, which is not empty, contains several passwords giving access to pornographic sites.

However, when the user opens the file, the device is directly infected, launching the program automatically. The fraudulent email is indeed sent to the first fifty addresses in the victim's email directory and continues to spread from email to email.

Also, the virus is spreading at an impressive rate since 100 000 computers were affected in less than a week in the United States, not sparing large companies, even though they are secure. Microsoft is an example of this since the American company was contaminated and had declared to close a part of its mail servers to stop the virus and to stop the contamination.

The characteristics of the virus

Created by David Smith, the Melissa virus has long been characterized as a "computer worm", a type of malicious software, edited in such a way that it spreads and executes at the same time. However, Melissa is not considered a computer worm but rather a macro virus. Indeed, it is designed to infect only Office documents while spreading like a worm.

Melissa has a limit since the virus requires a particular environment to spread. It requires the device to be equipped with a Word processor, Outlook, and Microsoft email software to spread. Also, other computers equipped with software such as Macintosh are spared and do not participate in the virus chain.

At the time, a total of 60,000 e-mails were sent from user to user, infecting the affected devices in the process.

Nevertheless, its editor, David Smith, had declared that he did not want to create a disastrous virus. This virus does not cause any damage, but an overload in the computer, particularly in the mail servers, which is an unforeseen effect.

How was David Smith identified?

On April 2, 1999, the FBI arrested the first suspect, David Smith, in New Jersey. The American authorities were indeed on the right track since he confessed shortly afterward to having published the virus, whose name Melissa was inspired by an encounter with a dancer in Florida.

David Smith was identified through the GUID (globally unique identifier) of the attachment. At the time, the Windows version contained several pieces of information about the creator of the file, including the Mac address of the computer used to edit the document.

David Smith was initially sentenced to 10 years in prison for causing an estimated 385 million euros in damage. However, after agreeing to cooperate with the FBI, his sentence was reduced to 20 months in prison and a fine of $5,000.

A controversial virus?

The Melissa virus is world-famous and has inspired many companies and organizations, both legal and fraudulent.

A boon for the marketing sector?

Melissa's program and its size have been an opportunity for advertisers, of course, not as a virus.

Some companies are indeed victims of negative remarks in the United States, criticized for their marketing techniques. These would be qualified as abusive, on the sending of unsolicited emails. The way the Melissa worm works would allow advertisers to get around the problem since it would be enough to send a single e-mail for it to spread autonomously to other contacts.

An opportunity for the world of cybercrime

Cybercriminals also took interest in the virus by creating different variants of the initial version. Unlike the harmless Melissa worm, the derivatives that appeared proved to be much more dangerous. The example of Melissa-X, a variant deleting system files or reaching local disks to delete data.

Computer worms are now more common, and their degree of danger is increasing. This is a worrying situation if we look at the evolution of this malware since the first worms were harmless or not very dangerous.

Incident Response Hotline

Facing cyber incidents right now?

Contact our 24/7/365 world wide service incident response hotline.