10 Years With Melissa, the Worm that Changed the World
Malware was in the minor leagues before Melissa showed everyone how to really harass the Internet. 10 years later we still don't have a good solution to mail worms.It was the first of the mail viruses. Melissa hit the scene in March of 1999 and seemed a little like black magic. Open an e-mail attachment, from someone you know, no less, and suddenly other people you know are getting the same e-mail. Melissa required Microsoft Office, Word and Outlook in particular, using VBA for programming and MAPI for transport. Some modifications were needed to the model, but the mail virus was an inspiration which transformed the world of malware and went on to build the massive populations of botnets that infect and persecute the world. Authors of mail worms pretty quickly moved on to SMTP as a transport instead of MAPI. Microsoft filled the holes that made Melissa possible, but of course even today patches are never applied quickly to make enough of a difference to such things. And even today there are ISPs that are only beginning to take measures to stop SMTP mail bots. So I think of Melissa as the intellectual inspiration for most of what really troubles the world of Windows PCs these days. It didn't do a whole lot of permanent damage on its own, but it showed the way.
For a sense of what malware was like prior to the advent of Melissa I took a look at the WildList for March, 1999. The WildList is an anachronism today; so much malware comes out every day that lists of specific threats aren't useful anymore. But what's really interesting is the difference in techniques. That WildList is dominated by a combination of boot sector viruses and macro viruses. These were serious problems in their day, but compared to malware today they were a petty nuisance. There were also some genuine viruses (such as CIH/Chernobyl) which were not just nuisances and which in fact could cause great damage. But this damage was also a factor that limited their growth.