Remember Melissa the malware stripper? She’s back

You probably don’t need too great a memory to remember the Melissa virus.

It was one of the very first email-aware viruses, striking the internet hard in 1999 by forwarding itself in an infected Word document to the first 50 people in your Outlook address book.

It was the granddaddy of some of the big viruses that followed, paving the way for other significant email worms like the Love Bug, Anna Kournikova and MyDoom.

But what many people don’t remember is that David L Smith, the author of Melissa, named his virus after an exotic dancer he encountered in Miami, Florida.  And guess what? Melissa is back!

No, not the Word macro virus Melissa – Melissa the striptease artiste. Or at least another malware-loving stripper going by the same name.

The Troj/CAPTCHA-A Trojan horse poses as a sexy game, offering increasingly saucy photographs of a blonde model called Melissa in exchange for the user correctly unscrambling an image. The obfuscated image is a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), used by websites to ensure that requests are being made by a human being and not a bot.

As you can see below, every time a CAPTCHA is entered correctly, Melissa donates another item of clothing to charity.

What players of the game may not realise is that they are actually helping cybercriminals do their dirty work for them. By deciphering the text in exchange for Melissa the stripper exposing herself some more, they are helping the bad guys get around checks designed to prevent them from setting up Yahoo! accounts.

The CAPTCHA-A Trojan horse isn’t prevalent, but it proves that hackers are becoming more inventive in their attempts to exploit an all-too-easily tempted public.

By the way, David L Smith was eventually sentenced in 2002 after causing millions of dollars' worth of damage. One wonders if he ever dreamt that Melissa the stripper would make another appearance in the world of malware.