What is the Melissa/Papa virus?

A. On Friday, 26th March 1999 a new virus called Melissa was discovered and has all ready caused major problems for many top companies including Microsoft and Intel.

The new virus is a Word macro virus which is spread via e-mail and attacks users of Microsoft Word 97 and Microsoft Word 2000.

If you receive an e-mail with the subject line "Important message from ... ," it may indicate you have been sent the virus. If that message comes with a Word document attached called "list.doc," (but it's not always called that) you've likely been sent the Word/Melissa macro virus. If you open the document, it will send copies of itself to 50 e-mail addresses it gleans from your personal e-mail. The most common method of infection seems to be via Outlook.

The body of the message begins "Here is that document you asked for ... don't show anyone else ;-)" with a document of pornographic Web sites named "list.doc". Once the .doc file is opened with either Word 97 or Word 2000, the virus is immediately executed if macros are enabled. It modifies the Word setting by infecting the warning template and the current open file.

In addition, if the minute of the hour matches the date (for example, 3:31 p.m. on 31st March), Melissa will insert a Bart Simpson quote into the current document:

"Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here"

A new strain of the Melissa virus has already been reported (30/03/1999) which defeats the current Melissa anti-virus measures and the subject line is now blank and this variant is known as W97M_MELISSA.A. Check your anti-virus vendors website for an updated fix.

The source for Melissa can be seen here.

A second virus has been reported called Papa which behaves in the same way but sends mail to the first 60 names in your Outlook address book and affects Excel instead of Word.

This time the subject line claims the message is from "all.net and Fred Cohen." The body of the e-mail, which contains an attached document titled "path.xls," then instructs the user not to disable the macros, which is how the virus is activated.

A new breed of viruses now allow a virus to be activated by just opening a mail message, however normally you have to open an attachment so warnings about virus's by opening a mail message were hoax's and there have been a large number of these circulating recently (pre November 1999).

This could change in the near future with the integration of mail with HTML and ActiveX components.You just need one Trojan enhancement (most are client side ActiveX DLLs) and then even opening an HTML e-mail could be dangerous.

In order to prevent Macro virus's attacking office make sure make sure macro virus protection is turned on:

In Word 97 and Excel 97

  1. On the Tools menu, click Options.
  2. On the General tab, check Macro Virus Protection.

In Word 2000 and Excel 2000

  1. Double-click on the Tools menu, point to Macro and then choose Security.
  2. Select the level of security you want. High security will allow only macros that have been signed to open. Unsigned macros will be automatically disabled. Medium security always brings up the macro dialog protection box that allows you to disable macros if you are unsure of the macros.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.