First published: 22nd January 2001
22 January 2001, Hong Kong: Yui Kee warns that two old viruses, Melissa and Navidad, are now spreading again as new variants around the world and in Hong Kong. Users practicing "Safe Hex" will not be at risk.Several anti-virus developers and security companies have issued warnings about the new Melissa variant. Variously called W2001MAC/Melissa.W-mm, Melissa-X, W97M_ASSILEM.B, Melissa.W, it is in a document saved using Microsoft Word 2001 for Macintosh. This is problematic, as some antivirus programs are still unable to handle this new file format but the virus is fully functional under both Macintosh and Windows versions of Microsoft Office.
Opinion on the threat represented by Melissa.W varies:
Trend Micro has reported, "Reports of infection have come from Europe, North America, and South Africa. We've assigned the virus a 'low risk' ranking as the virus has not had a significant impact or spread very far at this point." See: http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_ASSILEM.B
TrueSecure has assigned a Medium risk, saying, "We currently recommend aggressive efforts to make sure your site is not affected by this virus including, potentially, shutting down your Internet email gateway."
"This is a wake-up call for anyone who thinks viruses happen to other people," said Graham Cluley, senior technology consultant at Sophos Anti-Virus . "Everyone should be employing safe computing practices. My message is simple - stop opening unsolicited attachments; start treating your computer with the respect it deserves." Sophos has already released an update for the virus. See: http://www.sophos.com/virusinfo/articles/melissax.html
F-Secure warned: "Melissa.W has been spreading for two days now and is getting very widespread. This is serious as many av programs can't handle its file format." See: http://www.f-secure.com/v-descs/melissaw.shtml
Yui Kee has received no reports of Melissa.W in Hong Kong. Allan Dyer, Chief Consultant at Yui Kee, said, "We cannot predict at this stage whether this will become prevalent in Hong Kong."
However, W32/Navidad-B has been confirmed in Hong Kong. W32/Navidad-B also travels as an email attachment, but as an executable file rather than a document. When it has infected a victim's computer, it will search the users' Inbox and reply to messages that have one attachment. The subject and the body of the reply will be the same as the original message, but the attachment will be a copy of the virus. "This is particularly well suited to spreading at Chinese New Year, we have seen people sending out their new year greetings to a large group of friends with an animation attached, Navidad will react to these messages by replying to all the recipients, with itself attached. The recipients can easily mistake this for another fun greeting.", said Allan Dyer, "We have already seen two infected individuals who sent out the virus to a total of ninety-six contacts. This clearly shows the potential for epidemic spread, and the importance of Safe Hex. I do not want to sound like a grinch, but are your greetings any less heart-felt if you do not send that attachment?"
Further information on W32/Navidad-B is at:
- http://www.sophos.com/virusinfo/analyses/w32navidadb.html
- http://www.sarc.com/avcenter/venc/data/w32.navidad.html
- http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_NAVIDAD.E
- http://www.f-secure.com/v-descs/navidad.shtml
Guidelines for Safe Hex are at:
http://www.sophos.com/virusinfo/articles/safehex.html