Security industry remembers the Melissa worm ten years after it hit the world

Opinion by Dan Raywood

Ten years ago the first major virus hit the internet via email propagation.

Ten years ago the first major virus hit the internet via email propagation.


The Melissa virus was written by David L. Smith from New Jersey who named it after a lap dancer he met in Florida. It shut down internet mail systems that became clogged due to the amount of infected emails being sent.


Smith was caught and arrested as a result of collaboration between the FBI, New Jersey State Police and Monmouth Internet. He was sentenced to 20 months in a federal prison and fined $5,000.


Mikko Hypponen, F-Secure's manager of anti-virus research, said: “We've never seen a virus spread so rapidly. We've seen a handful of viruses that distribute themselves automatically over email, but not a single one of them has been as successful as Melissa in the real world."


Its impact was felt throughout the world, especially in the internet-savvy US and UK. Jose Nazario, manager of security research at Arbor Networks, claimed that it spread so fast as no one knew how to defend against it.


Nazario said: “This was the first outbreak of an email worm. It spread like wildfire as no one was defending against it or knew how to. It propagated and spread and choked up network servers, it had the ability to email itself by the user simply viewing it.


“This was one of the first worms to hit so big and be so successful, then a few copycats came along and it forced Microsoft to say ‘we'll change the way email works'. It was one of the first times where ‘speed bumps' had to be introduced.”


Alex Shipp, anti-virus technologist at MessageLabs, claimed that Melissa caused the world to wake up to the reality of viruses.


Shipp said: “This was the first real wake up call, we had seen and stopped viruses before but this was the first where we stopped over a hundred in a day. We had an alert tone when a virus was stopped and on that day we had to turn it off as it sounded like something out of Star Wars!


“This started at the weekend so it was a wake up call that we didn't expect and the start of research of heuristic virus scanning where a lot of things can be killed off.”


Shipp further explained that the impact of Melissa was felt for around a week before updates caused its impact to be minimised. So is this sort of attack still prevalent? Shipp said: “It was fairly big for a week and we still see versions of it affecting people who do not have any anti-virus or don't update it.”


Shipp further claimed that although the worm was not intended for harm yet did create problems with servers, it was several years before malware moved on to the next stage.


Shipp said: “It took until 2004 for the criminal elements to cotton on to what was happening and Melissa was the first type to get attention and then based on the way it spread, the cybercriminals cottoned on to the way to get work done.


“When Melissa was out you would update your anti-virus once a week or once a month, and if you were connected to the internet you were unique. Now people are much more on the ball and the bad guys no longer use viruses, they prefer Trojans as they have many more email addresses and can make a big hit in an hour and go away again, they don't want a virus that will get the attention of the world media.”


With the world now almost numb to the impact of worms and malware reports, and them not receiving the national and global media coverage that Melissa and its follow-on worms received, what comparisons can be drawn with the Conficker worm and how that spread so quickly and efficiently earlier this year?


Nazario said: “It is similar to Conficker in the way that it is being propagated; 25 years ago data was moved by floppy disks now more of us share data by USB sticks and email. So there is little change in terms of the way spread – the more things change the more they stay the same.”


The public may be more underwhelmed by the news of an email worm these days, and they may not receive the media coverage that Melissa gained ten years ago. However this is down to ISPs, security managers and the general public being more aware of internet dangers and malware, and proves that lessons were learnt all round from the experience.














































Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events