Let’s take a trip back in time. Let’s go back to December 1999, a mere 16 years ago. And my oh my, have things changed! 16 years ago, holiday shopping meant going to the mall (not shopping on your phone), and there was no such thing as a Grande Chestnut Praline Latte. There was also no YouTube and no social media, and computer viruses were a lot less advanced than they are today. December 1999 was also the month in which Prilissa, a virus found on three continents, was programmed to cause havoc if opened on Christmas Day.
Because everyone wants gifts in December, right?!
Now let’s get real. What do you think of when you think of December? Regardless of your background, we all know December means presents! Whether gathered under your fir tree, menorah, Kwanzaa Bush or any other place, we all have a nagging little voice inside our heads saying “Ooohh, I wonder which box is for me?”
The makers of the Prilissa virus wanted to make sure that no poor soul went without a surprise for the holiday season. That’s why they created a nasty little virus named Prilissa. It was a variant of the famed Melissa virus and it spread via email attachments using security holes in Outlook and Outlook Express. Unlike previous viruses spread through email, however, Prilissa didn’t just cause a whole lot of email traffic. It also had the ability to reconfigure a user’s hard drive.
Once the unwitting recipient opened the attachment, the virus would send itself to the first 50 addresses in the victim’s email contacts. The body of the email contained the message “This document is very important and you’ve GOT to read this!!”. The infected attachment was an actual document from the previous victim.
On the morning of December 25th, victims who had opened the attachment in the past were met with a message stating, “You Dare Rise Against Me…The Human Era is Over, The CyberNET Era has Come !!!” Then the virus would attempt to reformat the victim’s hard drive and (for some strange reason) inserted oddly shaped, brightly colored blocks into the victim’s word documents.
Macro Viruses – Viruses that know how to spread
Prilissa is a type of virus known as a macro virus. A macro virus infects Word documents or similar programs and triggers a chain of events. The virus replaces or alters macro commands which are commonly used commands like “open file” in programs like Word. A macro virus comes along and swaps in whatever command it likes instead of the regular command. Macro viruses spread quickly. Once one document is infected, you can assume all your documents are infected.
Once the scourge of the malware world, macro viruses lost steam in the early 2000’s, only to be replaced by bigger, more powerful worms and spyware. Then Microsoft updated Windows to block most macro viruses, and it appeared that they were gone for good.
Everything old is new again
But just like Doc Martens, macro viruses are making a comeback. This year, we saw the rise of a type of banking malware known as Vawtrak which spread via emails with attached Word documents containing malicious macros. In this particular manifestation, the emails are sent from “FedEx” or “American Air” and ask you to download the attachment. If you do, you’ll be met by a message asking you to enable macros to read the attachment. If a poor chap enables the macros, a Trojan will start to run, allowing Vawtrak to collect banking info.
We all know the saying, “What’s old is new again.” As we see, the same holds true for viruses. And it still pays to keep tabs on old “legacy” viruses, as they have a thing or two they can teach us about good practices online. In other words, what was true in 1999 (don’t open suspicious attachments!) still holds true today. Moreover, they sometimes even have the nerve to return!
Do you remember any other old holiday viruses?