NYT worm story

  • Popplestone, Ann
    Message 1 of 1 , Dec 4, 1999
      This was in the NY Times.

      I thought this was a good occasion for your SACC-computer guru to remind you
      to check your PC and software for Y2K compliance and to be sure that your
      anti-virus files are up to date.

      Cheers!

      Ann

      New Disguise for Infection of Computers
      By JOHN MARKOFF

      The first of what experts fear could be many malicious
      software programs masquerading as the Year 2000 computer problem began
      spreading on Thursday. The new program hides on hard drives, poised to begin
      destroying data on Jan. 1.

      The program, which is technically known as a computer worm,
      has been named W32.Mypics.Worm by anti-virus researchers. The researchers
      said Friday that the worm had already made its way into the networks of some
      corporate clients, though they would not identify them.

      Several anti-virus companies reported that they had already
      released code that identifies and eliminates the program.

      Like two recent worms, Melissa and Explore, and their
      variants, the new worm spreads by pretending to be e-mail from an
      acquaintance. Unlike the Explore worm, however, it cannot attack a computer
      or data unless the recipient opens a file sent as an attachment.

      But the most crucial difference with this worm is that it is
      designed to attack its host computer on New Year's Day, when many people
      will be expecting a variety of computer-related disruptions as a result of
      the so-called Y2K problem.

      "There is so much media attention about Y2K problems that
      this is a great way to disguise a malicious program," said Marian Merritt,
      group product manager for anti-virus products at the Symantec Corporation.

      This kind of malicious program has been long anticipated. In
      background meetings with reporters and analysts earlier this year,
      anti-virus software developers began describing a range of possible events
      in which virus authors were likely to use the timing of the Year 2000
      problem to propagate their handiwork.

      The Year 2000 problem is caused by the fact that programmers
      for many years set aside only two digits to denote years in software. As a
      result, programs that have not been repaired by Jan. 1 will act as if the
      year is 1900, possibly causing serious problems throughout the increasingly
      digital world. Viruses and worms that mimic the Year 2000 problem actually
      have nothing to do with flawed year designations.

      A number of anti-virus companies said yesterday that they
      had received reports about the program and that it had probably first been
      released in the United States.

      Intended for users of Windows-based computers, the worm is
      transmitted as an attachment to e-mail that lands in Microsoft's Outlook and
      Outlook Express e-mail software. Once it invades a computer, the worm will
      resend itself to up to 50 people in the Outlook address book. There is no
      subject line, and the body of the e-mail contains the phrase "Here's some
      pictures for you!"

      But the attachment, a file called "pics4you.exe," is
      actually a small program that runs when an unsuspecting computer user tries
      to view the pictures.

      "These types of programs really harm the new user," Ms.
      Merritt said. "Although an expert user will usually not fall for these
      tricks, people who are new to computers are generally unsuspecting."

      If the message and the attached file are simply deleted, the
      program will not harm a computer, she said.

      If the program is run, however, it will mail itself to 50
      people in the Outlook address book, then hide itself in a component of the
      Windows operating system known as the registry. The program also resets the
      home page of users of Microsoft's Internet Explorer browser to a personal
      page on the Yahoo Geocities Web site that until yesterday afternoon
      contained sexually explicit pictures.

      The page was titled "Daves Web Page: Brought to You From the
      Cave!" Computer researchers said yesterday that they were not certain why
      that particular page had been chosen, though one said it was possible that
      the virus author simply wanted to make use of a counter on that page that
      recorded the number of visitors.

      As of noon yesterday, the site had recorded almost 5,000 new
      visits. Shortly thereafter, a Yahoo spokesman said, the site had been taken
      down, but he would not say whether it had been taken down by the page's
      owner or by the company.

      After infection, each time the computer is turned on, the
      worm program checks the date. When it detects Jan. 1 or a later date, it
      executes two separate tasks known as payloads. The first tries to overwrite
      the computer's BIOS, or basic input output statement, memory, a small
      permanent storage area that contains the instructions the computer follows
      when it boots. These are necessary for everything from running a modem or
      printer to finding the operating system on a hard drive.

      Once that happens, the computer when next turned on will
      refuse to start. Instead, it will display a message like "CMOS Checksum
      Invalid."

      Many of today's computers protect the BIOS from this type of
      vandalism, but the worm's second form of attack is more malicious: it
      overwrites a Windows start-up file named autoexec.bat with a file of the
      same name that causes the operating system to reformat the hard drive, or C
      drive, and any second hard drive or other storage device designated as the D
      drive. This destroys all programs and data on the computer.

      "We are very concerned about the time delay built in to this
      program," said Narender Mangalan, director of security for Computer
      Associates in Islandia, N.Y., the maker of McAfee anti-virus products.

      He said that because both the date trigger and the use of
      e-mail address books by viruses and worms were increasingly popular trends,
      the company had released a program known as a variant analyzer that tries to
      find programs that are similar to existing viruses and worms.

      And the variations are likely to grow quickly between
      Christmas and New Year's Day. Traditionally, Ms. Merritt said, the number of
      viruses and worms tends to increase during and after school holidays, when
      students, who are the most frequent authors of malicious programs, have more
      free time to devote to their illicit hobbies.