Melissa

Submit the stream number that contains the Melissa macro in the LIST.DOC file (1 points)

$ ./oledump.py LIST.DOC 
  1:       106 '\x01CompObj'
  2:       576 '\x05DocumentSummaryInformation'
  3:       512 '\x05SummaryInformation'
  4:      4113 '1Table'
  5:       331 'Macros/PROJECT'
  6:        26 'Macros/PROJECTwm'
  7: M    6544 'Macros/VBA/Melissa'
  8:      3946 'Macros/VBA/_VBA_PROJECT'
  9:      1407 'Macros/VBA/__SRP_0'
 10:        98 'Macros/VBA/__SRP_1'
 11:       178 'Macros/VBA/__SRP_2'
 12:        64 'Macros/VBA/__SRP_3'
 13:       633 'Macros/VBA/dir'
 14:      9253 'WordDocument'

After identifying which version of word, Melissa will enable all macros from registry (1 points)

$ ./oledump.py -s 7 -v LIST.DOC
If System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Word\Security", "Level")

What is the email service targeted by Melissa (1 points)

$ ./oledump.py -s 7 -v LIST.DOC
Outlook

How many number of email addresses were collected (1 points)

$ ./oledump.py -s 7 -v LIST.DOC
If x > 50 Then oo = AddyBook.AddressEntries.Count

What is the string used by melissa to identify whether a PC is infected or not and decide whether to collect email addresses or not (2 points)

System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") = "... by Kwyjibo"
... by Kwyjibo

What is the variable responsible for identifying the email username of the infected PC (2 points)

Application.UserName

What is the text in email body used for spreading melissa (1 points)

Here is that document you asked for ... don't show anyone else ;-)

What is the text that is inserted by Melissa in an open word document? (1 points)

Twenty-two points, plus triple-word-score, plus fifty points for using all my letters.  Game's over.  I'm outta here.