Mar 28, 1999 — Melissa Virus Revealed
March 28, 1999
March 1999 — the virus is created
In early 1999 David L. Smith, a programmer from New Jersey, created a macro virus that targeted Microsoft Word documents. The virus later became known as Melissa.
At the time Microsoft Office macros were widely used and often enabled by default. That made Word documents a convenient carrier for malicious code.
Smith embedded the virus inside a Word document named “List.doc.” The document claimed to contain passwords for pornographic websites. The bait was simple but effective — curiosity encouraged people to open the file.
March 22–25, 1999 — the first appearance online
Around the third week of March 1999 the infected document was uploaded to a Usenet newsgroup that distributed pirated software.
When a user opened the document, the macro code executed. The virus infected the local Word installation and gained access to Microsoft Outlook.
From that moment the infected computer began sending the same infected document to other people.
Late March 1999 — rapid propagation
Melissa used Microsoft Outlook to send itself to the first 50 contacts in the victim’s address book.
Each message looked legitimate. It appeared to come from someone the recipient knew and often contained a short friendly sentence. Because the email came from trusted contacts, many recipients opened the attachment.
Every new infected computer repeated the same process. As a result the virus began to propagate extremely quickly through corporate email systems. Within only a few days tens of thousands of computers were infected.
March 26–27, 1999 — email systems begin to fail
The virus itself did not destroy files or erase disks. The main damage came from the enormous number of emails generated by infected machines.
Corporate mail servers suddenly had to process massive volumes of traffic. Many systems simply could not handle the load. Email queues filled up, servers slowed down, and internal communication in large organizations began to collapse.
Companies including Microsoft, Intel, and several government agencies shut down their email gateways entirely to stop the propagation.
March 28, 1999 — the FBI reveals the virus
On March 28, 1999 the FBI publicly announced the Melissa virus and opened a major federal investigation. Investigators analyzed server logs, message headers, and the path of the infected documents across the internet.
April 1, 1999 — arrest of the author
Only a few days after the FBI announcement, investigators traced the original upload of the virus. On April 1, 1999, David L. Smith was arrested in New Jersey.
The cost of the outbreak
The Melissa incident forced companies around the world to shut down email infrastructure and manually clean infected systems. The total damage was estimated at around $80 million worldwide.
For the late 1990s internet this was one of the largest disruptions caused by a single piece of malware.
Consequences
David L. Smith later pleaded guilty and cooperated with investigators. He received a prison sentence and financial penalties.
The Melissa incident forced major changes in email security:
- Software vendors introduced stricter macro controls by default
- Antivirus companies improved detection of mass-mailing malware
- Organizations began filtering attachments more aggressively
Melissa became one of the first major demonstrations of how quickly malicious code could propagate through ordinary communication tools.