Reuters 7 Internet 7 ZDNet 7 CBS MarketWatch 7 Variety
Nasty Melissa variant set to go off on Christmas
Updated 3:18 PM ET November 19, 1999
By Jim Kerstetter, PC Week
It's called the W97M/Prilissa virus. But a better name for it would be the Grinch virus.
Anti-virus researchers at Network Associates Inc. said Friday that 10 Fortune 500 companies on three continents have been hit with a new virus called W97/Prilissa. Prilissa is a nasty variant on two better known attacks -- the Melissa worm and the PRI virus. The virus depends on the Windows 95 and 98 operating systems and the Word 97 word processing application.
If opened, it will e-mail itself to the first 50 names on a computer's Outlook or Outlook Express e-mail client.
"This is probably the fastest infection rate we've seen since Melissa," said Sal Viveros, antivirus product manager at Network Associates, in Santa Clara, Calif. The virus uses macro commands similar to those of Melissa to replicate itself.
But the virus itself won't go off until Christmas day. That means it won't have much of an impact on companies, which aren't likely to be open on that day, even if it should go undetected. But there is a big threat to home PC users, particularly unsuspecting children logging onto the computer to play with their new games on Christmas.
The Dr. Suess analogies are endless.
The virus itself looks for a registry key to verify if the local system has been infected. If it hasn't, the virus creates a Microsoft Outlook e-mail message with the subject line "Message From (Office 97 user name)" and a message body that says "This document is very Important and you've GOT to read this!!!"
The first 50 listings from all address books are selected, along with an attachment -� the infected document, whatever it is.
If the date is December 25, the virus runs a destructive payload to overwrite the existing C:/AUTOEXEC.BAT file with the instructions:
"@echo off"
"@echo Vine...Vide...Vice...Moslem Power Never End..."
"@echo Your Computer Have Just Been Terminated By -= CyberNET-= Virus !!!"
"ctty nul"
"Formate c:/autotest/q /u"
The virus will not run on Windows NT. Another message is displayed on Word 97, adding:
"You Dare Rise Against Me... The Human Era is Over, The CyberNET Era Has Come!!!"
Most antivirus vendors are expected to have a definition update and fix prepared within the next few hours.
It's unclear who will carve the roast beast.
-- G Bailey (glbailey1@excite.com), November 21, 1999