CUPERTINO, Calif. - March 31, 1999 - Symantec Corporation (Nasdaq: SYMC), the world leader in utility software for business and personal computing, today announced a complete virus definition set is now available to detect and repair variants of the Melissa macro virus. SARC researchers have analyzed these viruses and added detection logic that will detect current variants and will also proactively protect against future variants should they be developed. The new virus definitions can be downloaded for all Symantec anti-virus products-including Norton AntiVirus, Symantec AntiVirus for Macintosh, LanDesk Virus Protection, and Symantec-IBM AntiVirus product families-via LiveUpdate, Scan and Deliver, or from the Symantec AntiVirus Research Center (SARC) download page on the Symantec web site (www.symantec.com). SARC is also providing a free Command Line Scanner to detect and repair the viruses for users without anti-virus software; the scanner can be accessed from the Symantec web site.
"Symantec is fully committed to ensuring that organizations have quick access to the technology that will protect their critical e-mail and other communications systems from Melissa variants as well as other threats associated with malicious code," said Enrique Salem, vice president of Symantec's Security and Assistance Business Unit.
Early this morning, Symantec posted virus definitions that support the detection and repair of a new variant of the Melissa virus called X97M.Papa.A.Intended and also another virus found in the same newsgroup called W97M.Ping.A.
SARC researchers provided users a complete detection and repair solution within an hour after the first Melissa-infected message was submitted by Norton AntiVirus customers, who sent their submissions via the anti-virus software's exclusive Scan and Deliver feature. Shortly thereafter, SARC made the solution available to all customers through the LiveUpdate feature in Norton AntiVirus and on the Symantec web site.
X97M.Papa.A.Intended is a macro worm. The worm was intended to replicate in the form of a Microsoft Excel spreadsheet. Using the macro language in Microsoft Excel in conjunction with Microsoft Outlook, the worm sends copies of itself to e-mail addresses contained in Outlook's address lists. In order for this worm to self-propagate, a user must have both Microsoft Excel and Microsoft Outlook installed.
Upon opening an infected spreadsheet, the worm composes an e-mail to the first 60 e-mail addresses in each address list configured in Microsoft Outlook. The e-mail contains the subject "Fwd: Workbook from all.net and Fred Cohen" and the body text "Urgent info inside. Disregard macro warning."
The worm then attaches the Excel spreadsheet to the e-mail and sends the message, propagating itself further. Such mass mailings can cause network congestion and an increase in load on e-mail servers, forcing them to be shut down.
The worm contains an additional payload with a random trigger. The payload performs a ping on two different IP addresses with a random buffer size for an indefinite amount of time, potentially causing a denial of service and additional network congestion.
X97M.Papa.A.Intended contains a bug that does not allow it to execute properly. However, the virus author publicly posted a message that he now has a version with the bug fixed and it is only a matter of time before it is released. With the latest virus definitions, a new technology was included to detect variants of X97M.Papa.A worm. Norton AntiVirus will now be able to detect X97M.Papa.A.Intended and it's possible future variants.
W97M.Ping.A, found on the same Internet newsgroup as X97M.Papa.A.Intended has no similarities to the Melissa virus, but it does have a minor similarity to X97M.Papa.A.Intended where the virus will ping four different hosts to cause network congestion and a denial of service. SARC has created detection and repair for this virus and also has implemented new variant detection for it.
Users can find updated information on the Melissa virus and its variants by accessing the Symantec web site at www.symantec.com/avcenter/venc/data/melissa.html.
Symantec AntiVirus Research Center (SARC)
SARC is the industry's largest dedicated team of virus experts. With offices located in the United States, Japan, Australia, and the Netherlands, the sun never sets on SARC. The center's mission is to provide swift, global responses to computer virus threats, proactively research and develop technologies that eliminate such threats, and educate the public on safe computing practices. As new computer viruses appear, SARC develops identification and detection for these viruses, and provides either a repair or delete operation, thus keeping users protected against the latest virus threats.
Symantec is the world leader in utility software for business and personal computing. Symantec products and solutions help make users productive and keep their computers safe and reliable anywhere and anytime. Symantec offers a broad range of solutions and is acclaimed as a leader in both customer satisfaction and product brand recognition. Symantec is traded on Nasdaq under the symbol SYMC. More information on the company and its products can be obtained at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, view the Symantec Press Center at www.symantec.com/PressCenter/ on Symantec's Website.