Because the virus is a corrupted version of the Melissa.U virus that surfaced last week, it's been flying under the radar screen of some anti-virus software. Symantec posted new software that protects against it on Monday, and anti-virus firm Trend Micro said its software already detects the virus.
Like the original Melissa, Melissa.U(Gen 1) has the ability to replicate by sending itself out to other e-mail addresses. Unlike Melissa, it deletes some system files.
When a person using Microsoft Corp.'s Outlook messaging software opens or views the attachment contained in the e-mail, the virus will replicate itself, sending four copies to addresses listed in that person's Outlook address book.
In addition to sending itself out, it will also delete some system files and spread the original Melissa.U virus to other documents on that person's computer.
Origins of virus unclear
Some anti-virus experts say this strain isn't as dangerous as other high-profile viruses that have surfaced in the past year. For example, Melissa.U(Gen 1) doesn't replicate as quickly as the original Melissa virus, which sent itself to 50 addresses, causing systems at companies including Microsoft Corp. and Boeing to crash. Also, the virus doesn't overwrite files and make them unrecoverable, as the ExploreZip worm did. Instead it deletes files, which can be restored.
Dan Schrader, of Trend Micro, said companies have a better handle on these virus strains than they did on the original Melissa, partly because that virus made people are more wary of e-mail attachments. He said only a half dozen companies have mentioned the virus to his company.
"We've had a scattering of reports from our customers that they've encountered it, but we're not seeing a deluge," he said. "It's not time to head for the hills and pack up the canned goods."
Antivirus experts aren't sure yet where the virus originated, or whether it is a man-made corruption of the Melissa.U virus or an accidental strain. "We're debating whether it was generated to avoid detection ... or it just happened," said Symantec's chief anti-virus researcher Carey Nachenberg, adding that he thinks it was created by someone to wreak havoc.
