This article came from the Carnegie Mellon Software Engineering Institute,
web site
http://www.cert.org/advisories

CERT? Advisory CA-99-04-Melissa-Macro-Virus
Original issue date: Saturday March 27 1999
Last Revised: Saturday March 27, 1999

Systems Affected

Machines with Microsoft Word 97 or Word 2000
Any mail handling system could experience performance problems or a denial
of service as a result of the propagation of this macro virus.

Overview
At approximately 2:00 PM GMT-5 on Friday March 26 1999 we began receiving
reports of a Microsoft Word 97 and Word 2000 macro virus which is
propagating via email attachments. The number and variety of reports we have
received indicate that this is a widespread attack affecting a variety of
sites.
Our analysis of this macro virus indicates that human action (in the form of
a user opening an infected Word document) is required for this virus to
propagate. It is possible that under some mailer configurations, a user
might automatically open an infected document received in the form of an
email attachment. This macro virus is not known to exploit any new
vulnerabilities. While the primary transport mechanism of this virus is via
email, any way of transferring files can also propagate the virus.

Anti-virus software vendors have called this macro virus the Melissa macro
or W97M_Melissa virus.


I. Description
The Melissa macro virus propagates in the form of an email message
containing an infected Word document as an attachment. The transport message
has most frequently been reported to contain the following Subject header

Subject: Important Message From <name>
Where <name> is the full name of the user sending the message.

The body of the message is a multipart MIME message containing two sections.
The first section of the message (Content-Type: text/plain) contains the
following text.

"Here is that document you asked for ... don't show anyone else ;-)"

For more information and updates, go to their web site.

Kelly Cassidy