LLMpediaThe first transparent, open encyclopedia generated by LLMs

Melissa (computer virus)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: CERT/CC Hop 4
Expansion Funnel Raw 82 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted82
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Melissa (computer virus)
NameMelissa
CaptionScreenshot of an infected Microsoft Word document
DiscoveredMarch 1999
AuthorDavid L. Smith
TypeMacro virus, mass-mailing worm
PlatformMicrosoft Windows, Microsoft Word, Microsoft Outlook
OriginUnited States

Melissa (computer virus) Melissa was a mass-mailing macro virus that emerged in March 1999 and rapidly infected tens of thousands of systems worldwide, exploiting Microsoft Word and Microsoft Outlook to propagate. It combined social engineering with automated propagation, triggering wide operational disruption across corporate, academic, and governmental networks and prompting coordinated legal and technical responses from law enforcement, technology vendors, and security researchers.

Background and discovery

The outbreak was first noticed during March 1999 by system administrators at Lockheed Martin, Microsoft, Avis, and several United States Postal Service facilities, who observed sudden spikes in email traffic and degraded computer network performance. Early analysis was performed by teams at F-Secure, Symantec, McAfee, Network Associates and independent researchers including specialists from CERT Coordination Center and university labs at Carnegie Mellon University and Massachusetts Institute of Technology. Public reporting by technology press outlets such as Wired (magazine), The New York Times, BBC News and The Washington Post helped publicize the vector and scale of the outbreak.

Technical details

Melissa used a Visual Basic for Applications macro embedded in a Rich Text Format or Microsoft Word document attached to an email. When the document was opened in Microsoft Word 97 on Microsoft Windows NT or Windows 98, the macro executed and accessed Microsoft Outlook to harvest email addresses from the infected user's address book. The payload generated mass-mailing behavior by sending copies of the infected document to the first 50 contacts, spoofing the sender field to impersonate the infected user. The code exploited features specific to Office 97 macro automation and used social-engineering text referencing explicit cultural artifacts to entice opening, referencing personalities and events reported in outlets such as Entertainment Weekly and People (magazine). The macro did not attempt to delete files or encrypt data; its primary effect was rapid replication and network congestion.

Spread and impact

Within days of activation, Melissa propagated across commercial networks at firms including Intel, Exxon, Morgan Stanley and educational institutions such as Harvard University and Stanford University, triggering email server outages and temporary shutdowns of Outlook gateways. The worm's traffic caused service degradation at Internet Service Providers like AOL, EarthLink and enterprise hosting providers, and contributed to cascading failures in corporate intranet and campus local area network environments. Economic impact estimates compiled by analysts at NortonLifeLock and Gartner, Inc. placed direct remediation and lost productivity costs in the tens of millions of dollars, while insured claims were processed by carriers such as AIG and Swiss Re. Media coverage linked the incident to larger discussions about cybersecurity policy in venues including United States Congress hearings and testimony before committees chaired by members of Senate Judiciary Committee and House Commerce Committee.

Investigation by the Federal Bureau of Investigation in coordination with the United States Secret Service, Royal Canadian Mounted Police and international partners traced activity to the United States. A suspect, later identified as David L. Smith, was arrested after investigators used leads from Internet service providers and forensic analysis techniques developed by teams at AT&T Labs and Bell Labs. Charges included computer fraud and abuse under statutes enforced by the United States Department of Justice; prosecution occurred in the United States District Court for the Eastern District of Pennsylvania. Sentencing involved fines and incarceration, and the case became a high-profile example cited in legal scholarship published in the Harvard Law Review and discussed at conferences hosted by the Electronic Frontier Foundation and International Association of Computer Investigative Specialists.

Response and remediation

Immediate remediation tactics employed by affected organizations included disconnecting email servers, deploying antivirus software updates from vendors such as McAfee, Symantec, Trend Micro and Sophos, and applying Microsoft-issued guidance to disable macros by default in Office installations. Corporate incident response teams from companies like Cisco Systems, IBM, HP and consulting firms including Accenture and Deloitte coordinated containment and recovery. System administrators implemented email filtering, rate-limiting, and patch management processes drawn from recommendations by CERT Coordination Center and industry groups such as Internet Engineering Task Force working groups. Public advisories were issued by National Cyber Security Centre (UK) and the United States Computer Emergency Readiness Team.

Legacy and influence on cybersecurity practices

Melissa catalyzed shifts in security posture across private and public sectors: vendors moved to disable macros by default in Microsoft Office updates, enterprises accelerated adoption of perimeter email defenses offered by Proofpoint and Mimecast, and academic curricula at institutions including Stanford University and Massachusetts Institute of Technology incorporated case study analysis of mass-mailing worms. The incident influenced policymaking in United States Congress hearings and inspired new investigative frameworks at law enforcement agencies such as the FBI and Europol. It also helped spawn commercial markets for managed security services from firms like RSA Security and FireEye and informed industry standards developed by ISO/IEC JTC 1/SC 27. Melissa remains cited in textbooks published by O'Reilly Media and in course materials at SANS Institute and Coursera for its role in shaping threat modeling, user-awareness training, and secure defaults in software design.

Category:Computer worms Category:1999 introductions