Antivirus software vendors warned yesterday that yet another variant of the Melissa computer virus is making the rounds. Dubbed "Killer Resume", the virus surfaced yesterday morning and has already shown up at 10 large US businesses, according to antivirus software vendor McAfee.com.
The virus is carried in an email with the subject line "Resume - Janet Simmons", and includes an attachment called either "Resume.doc" or "Explorer.doc". If a user opens the attachment, the virus emails itself to all of the names in a user's Microsoft Outlook address book. When the attachment is closed, the virus sets about deleting files on the user's hard drive, McAfee.com said.
The first reports of Killer Resume came in yesterday, Sal Viveros, director of McAfee.com's active virus defence group, said in a phone interview. Most of the reported sightings of the virus have been in the Midwestern US, including one large company in Chicago, leading Viveros to suspect that that's where the virus originated. No reports have surfaced yet of users being affected outside of the US.
"Tuesday will be the biggest issue, because that's when people come back to work," Viveros said. Monday is a nationwide holiday in both the US and the UK.
McAfee.com has assigned Killer Resume a medium-risk assessment, although if the virus starts to spread more quickly the firm will upgrade it to high-risk. The full name assigned to the virus is W97M/Melissa.bg@MM, although it also goes by the alias Melissa.bg.
Users who receive an email containing the virus are advised to delete it immediately; and all users should update to the latest version of their antivirus software, Viveros said. McAfee.com has posted a fix in its Update Clinic on its website at http://www.mcafee.com/.
The hacker responsible for the virus probably started with a copy of the Melissa virus and altered it slightly to create Killer Resume, Viveros said.
"It's a case of copy-cat," he added.
The Melissa virus hit computer networks around the world in March of last year and caused an estimated $US80 million in damages, mostly in terms of compensating network administrators for the time they spent cleaning up the fallout after the virus activated.