
What will happen in Melissa's wake?

She was the most widespread virus yet. Will her relatively benign impact mean corporations won't move to protect themselves?
Written by Robert Lemos, Contributor
More than a week after it first appeared -- and with the arrest of the suspected virus writer -- the macro virus Melissa and its record-setting rampage across the Internet has largely abated ... but it leaves questions in its wake.

Among them, how much damage was done, is David Smith the real writer, and can this happen again?

Melissa's statistics are impressive: More than 300 companies reported infections, and at least 100,000 PCs were affected, according to the Computer Emergency Response Team, or CERT, Coordination Center at Carnegie-Mellon University.

"This is the fastest proliferation of a virus to date," said Bill Polak, a spokesman for the center.

That easily puts Melissa in the same league as the Cornell Internet Worm of 1988, which, while it "only" downed 4,000 to 6,000 servers, may have affected more users than Melissa.

Overall, Melissa was relatively benign, though plenty of office workers lost productivity.

A good thing?
As late as Thursday last week, Melissa was still cropping up. Despite having already cleaned out the virus, game publisher GT Interactive inadvertently sent out Melissa to the media on Thursday -- the virus piggy-backed on a press release.

"I don't think it really affected us," said Dan Harnett, director of communications at the gaming firm. "It's more embarrassing than anything else."

For most companies, the worst damage amounted to closing down their e-mail gateways for several hours, while they put defenses in place and cleaned out existing infections. Some organizations shut off e-mail for at least a day, including the city of Portland, Ore., which closed down its e-mail servers for at least two days.

"This could be a hell of a lot worse than it is right now," said Ben DeLong, director of the New England chapter of the World Organization of Webmasters. "Step back a second and take a look at what the writer did: He created a virus that sends out e-mail. It could have been a lot worse."

In fact, the actual mischief caused by the virus may ultimately prove to have done more good than harm.

The virus heightened users' awareness of the potential problems that attachments pose to e-mail users. In addition, people started scanning their systems diligently.

Rob Rosenberger, Webmaster of the Computer Virus Myths homepage, said the site's virus alert service went crazy -- and not because of Melissa.

"Our alarms were going off left and right. People are suddenly all scanning and finding old viruses - not Melissa. Melissa made them pay attention," he said.

Anti-virus firms profit
The attention has definitely benefitted anti-virus firms.

Anti-virus company Trend Micro Inc. said daily traffic to its site has increased more than sixfold since Melissa surfaced.

Symantec Corp. (Nasdaq:SYMC) had measured a fourfold increase in traffic on Monday, at the height of the scare, said a representative.

That's made Wall Street sit up and take notice -- at least, in the short term. On Wednesday last week, shares of Symantec Corp. closed up 10 percent over Monday, and parent company Network Associates (Nasdaq:NETA) ended up 8 percent. Both companies' stocks have since slumped.

Variants at large
That silver lining could tarnish quite soon, however. A second wave of Melissa virus offspring is already hitting computers, and this time, they could be more destructive.

New variants of Melissa are spreading as virus writers modify the original code and try to outdo each other. Anti-virus experts expect the variant strains to continue over the next several weeks before they die down.

While versions of Melissa that destroy files and send personal information back to the virus writer are possible, the viruses should be easy to kill because anti-virus software updated to fend off Melissa also catches its variants.

The latest Melissa offspring to crop up is nicknamed Syndicate, which experts expect to surface and spread soon. The virus joins variants such as Mad Cow, Papa, and Marauder, which have cropped up over the past few days.

Search for writer over?
The additional variants put the heat on the Federal Bureau of Investigation, which -- along with the National Infrastructure Protection Center and the New Jersey State Police -- jumped into the spotlight with last Thursday's arrest of the suspected virus writer, David L. Smith.

Many speculated that the key to the search would be an identifier left in documents created using Microsoft Corp.'s Office applications.

Called the Global Unique Identifier, or GUID, the electronic fingerprints were thought to be able to point law enforcement to the virus writer by linking the virus to other documents created by the same PC.

But according to the New Jersey attorney general, the so-called electronic fingerprints had very little to do with the case that law enforcement built against Smith. That's because the GUID has several problems with it.

GUID no good?
For one, it can be changed, or forged, by knowledgeable users with a simple hex editor.

Moreover, the GUID only identifies the original creator of the file -- if the actual creator of the Melissa virus based his work on viruses created by others, as it is thought Smith did, then the GUID found in the virus would not be Smith's.

The N.J. attorney general did not reveal whether or not the GUIDs found in documents in Smith's PC matched the one in the virus.

That still leaves the question: Is Smith the now-notorious VicodinES? The two virus writers shared the same small service provider, Monmouth Internet. And Smith, if he did write Melissa, borrowed a lot of tricks from VicodinES.

Finding the real writer
At least one knowledgeable programmer thinks the two writers are different, however.

"The [Melissa] virus was obviously the workings of two very different individuals," said Greg Miller, a senior consultant with network programmer Keane Inc. "In this case, it's the experienced programmer who is really responsible for any damage caused, since the code written by the amateur is not different from the standard macro viruses which have been around for some time."

Is Smith VicodinES? We may find out this week.

ZDNN's Lisa M. Bowman contributed to this story






