Dangerous Y2K Worm

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Link dated today <:)=

Symantec's [NASDAQ:SYMC] Anti-virus Research Center reported that it has discovered a new worm virus that reformats PC users' hard disks and switches their Web browser home page to an adult site.

Yunsun Wee, a spokesperson for Symantec, told Newsbytes that the Y2K virus is no relation to the MiniZip worm virus that hit PC users earlier last week and is far more deadly.

"This is the fifth Y2K virus we've come across so far, but it's the most deadly in that it can reformat a user's hard disk, as well as cause other problems," she said.

Wee added that the virus was discovered overnight by the company's SARC operation, and, as a result, the company issued a public warning via the business wire service.

"Unlike MiniZip, which everyone reported on earlier this week, and which was actually discovered some days earlier, we wanted to ensure that we got the warning message out as quickly as possible," she said.

Symantec says that the virus disguises itself as a Y2K problem, and is received as an e-mail attachment disguised as a picture.

Once the program infects the host PC, it attempts to send itself using Microsoft Outlook to up to 50 people in the users' Microsoft Outlook address book. It also changes the home page in Internet Explorer to a site containing adult content.

Additionally, Symantec warns, on Jan. 1, 2000, the program will overwrite the checksum data in the host computer's CMOS (complementary metal oxide semiconductor) memory so when the system is rebooted the user will think that there may be a Y2K-related problem with the computer's BIOS (basic input/output system).

The firm says that, once the PC is restarted, the virus will attempt to format the local hard drives and erase all data.

Symantec says that the W32/Mypics.worm can be easily spotted, since it arrives in an e-mail, with no subject line. The body of the message reads, "Here's some pictures for you!" with a "Pics4You.exe" attachment that is approximately 34,304 bytes in size.

Once the user opens the attachment, the worm loads itself into memory and executes by sending out copies of itself attached to e-mail addressed to up to 50 people in the user's address list.

In addition, Symantec says that the code modifies the system registry to load its dropped file "cbios.com" on system startup and also changes the user's home page in Internet Explorer to http://www.geocities.com/siliconvalley/vista/8279/index.html, a Web site that contains some adult content.

The firm advises PC users not to attempt to open the attached document. Symantec anti-virus users should also download a new definition set - available immediately through the company's LiveUpdate feature or from the Symantec Web site at http://www.symantec.com/avcenter/download.html .

Reported by Newsbytes.com

-- Sysman (y2kboard@yahoo.com), December 06, 1999
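
The indicators Symantec lists in the article above (no subject line, the fixed body text, a Pics4You.exe attachment of about 34,304 bytes) can be checked mechanically at a mail gateway or over a mailbox export. The following is an added example, not part of the original post or of Symantec's tooling; the size tolerance, the generic list of executable extensions, and the sample messages (filler bytes only) are assumptions constructed for illustration.

```python
# Added example: match the W32/Mypics.worm e-mail indicators quoted in the article.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the Symantec description quoted in the post.
BODY_TEXT = "here's some pictures for you!"
ATTACHMENT_NAME = "pics4you.exe"
ATTACHMENT_SIZE = 34304  # "approximately 34,304 bytes"
SIZE_TOLERANCE = 512     # assumption: slack for "approximately"
RISKY_EXTENSIONS = (".exe", ".com", ".scr", ".pif", ".bat")  # assumption: generic list


def check_message(raw: bytes) -> list[str]:
    """Return the indicators that a raw RFC 822 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("no-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and BODY_TEXT in body.get_content().lower():
        hits.append("body-text")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name == ATTACHMENT_NAME:
            hits.append("attachment-name")
            if abs(len(payload) - ATTACHMENT_SIZE) <= SIZE_TOLERANCE:
                hits.append("attachment-size")
        elif name.endswith(RISKY_EXTENSIONS):
            hits.append("executable-attachment")  # not this worm, still worth holding
    return hits


def build_sample(subject: str, body: str, filename: str, size: int) -> bytes:
    """Construct a test message; the attachment is filler bytes, not malware."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    if subject:
        msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(check_message(build_sample("", "Here's some pictures for you!", "Pics4You.exe", 34304)))
    print(check_message(build_sample("Trip photos", "See attached.", "beach.jpg", 2048)))
```

A message that matches all four indicators is a strong match for the description above; a lone "executable-attachment" hit is the generic case the replies below warn about.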

Answers

I loved it when this news was reported several times here yesterday and I love it now!

-- lovin' it (lovin'@it.con), December 06, 1999.

Sorry, I did a find on "virus" and "worm" and didn't get a hit. Oh well... <:)=

-- Sysman (y2kboard@yahoo.com), December 06, 1999.

Thanks for the heads up Sysman.

Things like this are the reason I come to the Yourdon Board for news, sports and weather-or-not. It sounds like the cyberwars are getting pretty nasty. Reformat your hard drives. Whoa! I'll be thinking about that for a few. Seems like one could excuse the .exe file from utilities and avoid the potential, but I'm just now reading this post and will have to think through options carefully, before opting for a particular course of action.

I worry that a virus may be ingested prior to notification, and create havoc before I get the appropriate update. Setting a firewall ahead of system calls seems logical...but??

Other than disconnecting..(NOT)... any suggestions?

Respectfully

Michael

-- Michael (mikeymac@uswest.net), December 06, 1999.


Hi Michael,

Never open an attachment, until you have confirmed from the sender what it is. Even people that you have absolute trust in may not know that the attachment is a virus. Sending itself to people in an address book makes this complicated! Someone may not even know that they've sent you mail. But even this doesn't always work, since there are reports about some new ones that don't even need to be opened.

Stay on top of virus updates! And always backup your important data. Even if your backup is infested, more than likely, there will be a fix, sooner or later.

This issue bugs me too. Y2K is a perfect opportunity for this type of nonsense...

Tick... Tock... <:00=

-- Sysman (y2kboard@yahoo.com), December 07, 1999.


Sysman, Technical question....

I just got an e-mail from "Martha"...I don't know a Martha...the subject and source were both Martha....Is it safe to open the e-mail and see what it is? Is it safe to download it, transport it elsewhere and have somebody else open it? It has no attachments, but do the new viruses need attachments to do their nasty work? Sorry to be so stupid, but I would really like to know. The only thing I do know is not to open attachments, unless I know the sender sent it.

Thanks!

-- Ynott (Ynott@incorruptible.com), December 07, 1999.



I know this has been posted before, but it is worth repeating.

If anyone doesn't yet have antivirus software installed, Microsoft has arranged for a free 90 day trial from several vendors. That will at least get you to early March 2000 and hopefully allow you to avoid most of the expected Y2K attacks. I believe the most popular ones are those made by Network Associates and Symantec.

Link

-- John (jh@NotReal.ca), December 07, 1999.

