Mac users hit by Melissa macro virus
January 19, 2001
The infamous Melissa virus, which caused so much mayhem among the world's Windows users a couple of years ago, has struck again. And this time the targets are Mac users.
US ASP Messagelabs.com has being registering a number of Melissa outbreaks among users of Microsoft's Mac:Office 2001, according to MacCentral. The infection apparently began in the UK and Office 2001 documents containing the Microsoft Word macro virus quickly turned up elsewhere.
Melissa first struck in March 1999. Infected Word 97 and Word 2000 documents activate the illicit macro which them emails a document containing its own code and a list of 80 porn sites to the first 50 names in the user's Outlook address book.
Mac:Office 2001 has been around since late last year, so it's odd that the virus should have re-appeared now. The likely suspect in this case is not Office but Outlook. Microsoft released a public Outlook for Mac beta at MacWorld Expo last week, and we wonder whether it's that that has provided long-infected documents with a path to other systems.
Indeed, the original Melissa outbreak missed Mac users largely because they all use Outlook Express - which, lacking Outlook's Visual Basic support, can't spread Melissa further. The more network-oriented Outlook wasn't then widely available for the Apple platform.
This new outbreak sends a message with "Important Message From xxxxx" as the Subject line and "Here is the document you asked for .. don't show anyone else ;-)" as the message. The virus-containing enclosure is called anniv.doc, though we note that the original Melissa virus' enclosure was called list.doc.
Whatever, Mac users should keep a very close eye out for the message and kill it immediately.
Symantec and McAfee, the two chief producers of Mac anti-virus softare, have both acknowlegded the presence of the virus. Symantac said it would release a fix for its Norton Anti-Virus for Mac product later today. Until then the software will spot the infection but not remove it.
And both Sophos and F-Secure have jumped in with their own products. Sophos today released a patch for its virus scanner.
Tony Smith, The Register