Security Information

Security Information, Week 50, 1999

Introduction

In recent months, viruses have been using e-mail clients to spread themselves. The most famous one is, of course, W97M/Melissa.A, which e-mails a copy of itself to the first 50 recipients in the Outlook address book. These viruses are now referred to as Mass Mailers, and they pose an additional threat to the computer user community. Not only do they infect your system, they also send themselves out through e-mail clients, attached either to their original document or to a new document. Needless to say, these documents may contain privileged and confidential information that should not become publicly available.

How to recognize

Under an agreement between the major anti-virus vendors, the names of viruses that are Mass Mailers are given a suffix: @mm (i.e. @MassMailer). Whenever Norman Virus Control intercepts an infected file and the virus name ends with @mm, be aware that the virus found is a Mass Mailer.

As of 20 December 1999, 65 macro viruses are known to be Mass Mailers. These viruses are listed below.

X97M/Jags.A@mm X97M/Jags.B@mm X97M/Papa.A@mm X97M/Papa.B@mm X97M/War.A@mm X97M/War.B@mm X97M/War.C@mm WM/PolyPoster.A.Dropper@mm WM/ShareFun.A@mm WM/ShareFun.B@mm W97M/AntiMarc.A@mm W97M/AntiSocial.E@mm W97M/AntiSocial.K@mm W97M/Bench.E@mm W97M/Class.CN@mm W97M/Cobra.F@mm W97M/Combossa.A@mm W97M/Jany.B@mm W97M/Jim.B@mm W97M/Lucia.A@mm W97M/Melissa.A@mm W97M/Melissa.AA@mm W97M/Melissa.AB@mm W97M/Melissa.AC@mm W97M/Melissa.AD@mm W97M/Melissa.B@mm W97M/Melissa.C@mm W97M/Melissa.D@mm W97M/Melissa.E@mm W97M/Melissa.F@mm W97M/Melissa.G@mm W97M/Melissa.H@mm W97M/Melissa.I@mm

W97M/Melissa.J@mm W97M/Melissa.K@mm W97M/Melissa.L@mm W97M/Melissa.M@mm W97M/Melissa.N@mm W97M/Melissa.O@mm W97M/Melissa.P@mm W97M/Melissa.Q@mm W97M/Melissa.R@mm W97M/Melissa.S@mm W97M/Melissa.T@mm W97M/Melissa.U@mm W97M/Melissa.V@mm W97M/Melissa.W@mm W97M/Melissa.X@mm W97M/Melissa.Y@mm W97M/Melissa.Z@mm W97M/Mimir.A@mm W97M/MCK.H@mm W97M/Nail.A@mm W97M/Nail.B@mm W97M/Ping.B@mm W97M/Ping.C@mm W97M/Ping.D@mm W97M/PolyPoster.A@mm W97M/Sin.D@mm W97M/Sin.F@mm W97M/Sin.G@mm W97M/Venus.A@mm W97M/Venus.B@mm W97M/Zerg.A@mm W97M/ZMK.R@mm
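The @mm suffix check described above, as an added example that is not part of the original bulletin: it parses detection names of the form used in the list and groups mass-mailer detections by host. The log layout, the host names and the non-@mm name W97M/Example.A are constructed for illustration and are not Norman Virus Control output.

```python
import re
from collections import defaultdict

# Platform/Family.Variant[.Modifier][@mm], the shape of the names listed on this page.
NAME_RE = re.compile(
    r"^(?P<platform>[A-Za-z0-9]+)/(?P<family>[A-Za-z0-9]+)"
    r"\.(?P<variant>[A-Za-z]+)(?:\.(?P<modifier>[A-Za-z]+))?"
    r"(?P<mm>@mm)?$",
    re.IGNORECASE,
)

def parse_name(name):
    """Split a detection name into its parts; return None if it does not fit."""
    m = NAME_RE.match(name.strip())
    if not m:
        return None
    parts = m.groupdict()
    parts["mass_mailer"] = parts.pop("mm") is not None
    return parts

# Constructed sample lines: "<host> <file path> <detection name>".
# This layout is an assumption, not a real scanner log format.
SAMPLE_LOG = """\
PC-014 C:\\Docs\\list.doc W97M/Melissa.A@mm
PC-014 C:\\Docs\\budget.xls X97M/Papa.B@mm
LAPTOP-07 C:\\Temp\\memo.doc W97M/Class.CN@mm
PC-022 C:\\Docs\\old.doc WM/PolyPoster.A.Dropper@mm
PC-031 C:\\Docs\\note.doc W97M/Example.A
PC-031 C:\\Docs\\bad line without a name
"""

def mass_mailer_hosts(log_text):
    """Map each host to the mass-mailer names detected on it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # not a detection line
        host, name = fields[0], fields[-1]
        info = parse_name(name)
        if info and info["mass_mailer"]:
            hits[host].append(name)
    return dict(hits)

if __name__ == "__main__":
    for host, names in sorted(mass_mailer_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(names)}")
```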

Action to take

If a mass mailer macro virus has been found within your company, the system on which it was found was probably sufficiently protected and updated in time to prevent havoc.

However, not all systems may be sufficiently protected or updated with the latest virus definition files (e.g. laptops that have been away from the company). These systems can still pose a threat to your environment, as a mass mailing virus may be present on them undetected. An appropriate action is to deny these systems access to the network until they have been updated with the latest virus definition files. Only after this update should connection to the network be allowed.

Per Olav Førland