March 29, 1999 Web posted at: 12:41 p.m. EST (1741 GMT) by Dan Briody

From...

ALSO    Massive e-mail virus outbreak spreads like wildfire    How to protect yourself against Melissa    For more computing stories  IN-DEPTH SPECIAL    Insurgency on the Internet INTERACTIVE Have you been hit by the Melissa virus? Yes No View Results

(IDG) -- The FBI has launched an investigation into a fast spreading e-mail virus that infected computer systems over the weekend.

The Computer Emergency Response Team at Carnegie Mellon University in Pittsburgh, estimates that more than 100,000 computers and hundreds of companies have been infected by the virus.

Dubbed the "Melissa" virus, the culprit has hampered -- and in some cases entirely shut down -- e-mail systems for companies the world over. For example, Microsoft has put a halt to all outgoing e-mails throughout the company.

"Some users at Microsoft received an e-mail that contained a Word document that has attached to it a macro virus," said Andrew Dixon, group product manager for Office at Microsoft. "If that document is opened and the macro virus is allowed to run, it is possible [for the virus] to send e-mail to a number of other users."

Dixon said that Friday afternoon, Microsoft "temporarily turned off outgoing e-mail" company-wide to guard against spreading the virus. Dixon said he did not know how many Microsoft employees received the marco virus, or how many may have triggered it

At risk are Microsoft Exchange Servers running Microsoft Outlook. With an ever-changing subject heading of "Important Message From [end-user name], the attachment to the e-mail is a document entitled "list.doc" with a body of text reading "Here is that document you asked for ... don't show anyone else ;-)."

MORE COMPUTING INTELLIGENCE
	IDG.net home page
InfoWorld home page
InfoWorld forums home page
InfoWorld Internet commerce section
Get Media Grok and The Industry Standard Intelligencer delivered for free
Reviews & in-depth info at IDG.net
IDG.net's personal news page
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for IT leaders
Subscribe to Tipworld's antivirus alert
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

Upon opening the attachment, Microsoft Word 97 will ask if you want to disable the macros, to which you should reply yes, or the e-mail will automatically be sent to the first fifty names on each company mailing list.

"If you don't disable the macros, the virus resends itself to everyone in [your] address list," said John Berard, a spokesman for Fleishman Hillard, which was infected by the virus and inadvertently spread it around. "We've been shut down and working on the problem all day. It's hard working without the effective use of e-mail. But this thing did not originate with us."

In addition, the virus automatically changes the security settings of an infected system to the lowest possible setting, a slick move that has IT managers wondering if they will have to manually reset every infected PC in their enterprise.

Fleishman Hillard immediately shut down its systems when it discovered the virus and contacted federal authorities. Fleishman Hillard has more than 1,500 employees worldwide.

Meanwhile, the list of companies affected is growing exponentially. An Intel spokesperson reported that the chip-giant had been "touched" by the virus and is working on correcting the problem. "It's all over," he said.

Tom Moske, network manager for USWeb CKS, said the virus has made for a very long day. "It's going to propagate like crazy. It's gone to all of our client and personal addresses. We are kind of laughing, although it is pretty bad. This is a good one."

A fix for the virus has been posted on the Trend Micro Web site. All major antivirus companies are expected to follow suit on Monday. Symantec was on a company-wide holiday Friday.

Dan Schrader, director of product marketing at Trend Micro recommends that IT managers do not panic upon learning of the insidious virus, but shut down the e-mail system and go to Trend Micro's Web site at housecall.antivirus.com/smex_housecall for further instructions.

Though Schrader could not say how many companies had been affected, he did say the his company was "getting swamped with calls and hits on the Web site. Obviously it spreads very rapidly."

Schrader said the virus is easy to detect and not destructive in nature. But it can cause serious bandwidth constraints and contains several quirky characteristics.

According to Trend Micro officials, the virus has a hidden message that is time triggered to reveal a quote from the popular TV series "The Simpsons."

Dan Briody is the client/server section editor at InfoWorld. Bob Trott, Stannie Holt, and Michael Lattig contributed to this report.