Wirt wrote (back on Sunday):

> As far as the Melissa virus goes, it seems to do no real harm.
> All it's going to do is mail copies of itself to 50 of your
> closest friends.

Actually, it's a little more than that.

First, the target may be quite a bit larger than 50 people.
To quote from the CERT advisory that Joe posted, the virus may:

> propagate itself by sending an email message in the format described
> above to the first 50 entries in every MAPI address book readable by
> the user executing the macro. Keep in mind that if any of these email
> addresses are mailing lists, the message will be delivered to everyone
> on the mailing lists.


Second, and perhaps more importantly, the virus is not entirely benign.
Again from the CERT advisory:

> Upon execution, the virus first lowers the macro security settings
> to permit all macros to run when documents are opened in the future.
> Therefore, the user will not be notified when the virus is executed
> in the future.

I say "perhaps" more importantly because this may be a chicken-and-egg
thing.  If the security is set so that the macro won't run
automatically upon opening the infected doc, then the infection
will spread only if one allows it to run.  And if the security is
already set to allow the macro to run, then the macro is wasting
its time setting the macro security low.


Other sources have noted -- ironically, given the latest invasion-of-
privacy claims -- that the GUID that MS attaches to every Office doc
is being used to trace the virus's author.  And it pains me to say
that initial reports are that the virus was authored on a Mac.

What a waste.

--Glenn Cole
  Software al dente, Inc.
  [log in to unmask]