Security firms reflect on 10th anniversary of Melissa

Today sees the 10th anniversary of the notorious Melissa virus that infected email servers across the globe, and forced a step change in the way anti-virus companies react to threats.

Melissa was allegedly named after a lap dancer whom David L. Smith, the virus's creator, met in Florida.

The malware sent an infected email entitled 'Here is that document you asked for ... don't show anyone else;-)', via Microsoft Outlook to the first 50 email addresses on a victim's mailing list, overloading email servers across the globe.

The attack was a wake-up call to the anti-virus industry, and signalled the end for products using only signature-based detection techniques, according to Alex Shipp, senior director of emerging anti-malware technologies at MessageLabs.

"Prior to that we were creating signatures once day, and thought that was pretty good because viruses were usually spread by floppy disc," he explained.

"But after it hit, we automated the process and now we're pulling signatures once every five minutes. It was the first wake up call that one a day is not good enough, and the beginning of the end for [products] relying on signatures. "

Melissa was also a landmark for the bad guys, who saw how quickly a virus of its kind could spread across the world. As such, the virus could be said to have paved the way for the development of botnets.

"At the time, viruses were written by people to cause annoyance, and Melissa was no exception," said Shipp. "But then criminals saw how quickly they could get PCs infected and under their control. Although since then, of course, it has become more important to them to get them out stealthily than quickly."