What is the Melissa Virus?
The Melissa virus is a macro virus that sent mass emails to Microsoft Word and Outlook users in 1999. The virus was first discovered in a Microsoft Word document that, when opened, sent the virus to 50 addresses in the victim's address book. Melissa had no malicious payload at first, but variations quickly arose that could erase or destroy Microsoft Excel documents. It was alsoo known as Mailissa, Simpsons, Kwyjibo, and Kwejeebo.
How Did the Melissa Virus Spread?
In 1999, David Lee Smith, a programmer, hacked into an America Online (AOL) account and used it to post a file to an Internet newsgroup. The file was used as bait in a posting offering free login credentials to adult content websites. A virus was installed on the customers' computers after they downloaded and opened the file from the website. The virus hacked into the user's Microsoft Outlook account and sent emails to the top 50 contacts in the contact list with the identical malicious files.
When the original Melissa infected a new user, it increased the total pressure on email systems, eventually causing server overload and turning Melissa into a denial of service (DOS) attack. Melissa caused most of the losses due to lost productivity when email servers were down.
This was one of the first major attacks to draw attention, as well as one of the first true phishing attacks. This attack predicted our internet future, as advanced social engineering and phishing attacks continue to haunt us today.
Impact of the Melissa Virus
On March 26, it began spreading like wildfire across the Internet. Since it came with the message, "Here is the document you asked for... do not reveal it to anyone," Melissa exploited social engineering tactics. She was the star of one of the most significant incidents of huge infection in history, causing more than 80 million dollars in harm to American businesses in just a few days. Because of its actions, companies including Microsoft, Intel, and Lucent Technologies had to disable their Internet connections.
Also, more than 300 organizations and government institutions throughout the world had their email systems overburdened, and several had to be shut down completely, including Microsoft. Approximately one million email accounts were affected, and Internet traffic slowed to a crawl in certain areas.
How the Melissa Virus Was Curtailed
Within a few days, cybersecurity professionals had mostly controlled the virus's spread and restored network functionality, however it took some time to completely eliminate the infections. In addition to its investigative role, the FBI issued public warnings about the virus and its effects, assisting in public awareness and reducing the attack's damaging repercussions. Nonetheless, the total cost of the cleanup and repair of impacted computer systems was anticipated to be $80 million.
Thanks to a tip from an AOL representative and practically flawless coordination between the FBI, New Jersey law enforcement, and other partners, finding the offender didn't take long. The virus' electronic fingerprints were traced to Smith, who was arrested on April 1, 1999, in northeastern New Jersey. Smith admitted guilt in December 1999 and was sentenced to 20 months in federal prison and a $5,000 fine in May 2002. In addition, he committed to cooperate with federal and state authorities.