Mother's Day Worm Worse?greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread |
Mother's Day Worm Worse? by Michelle Finley8:00 a.m. May. 5, 2000 PDT
Four other versions of the original worm had been found by Friday and several more are expected to appear this weekend, according to Mikko Hypponen, manager of anti-virus research at F-Secure Corporation.
Security experts also believe that versions of the bug will continue to infest networks for at least the next few weeks.
The "Mother's Day" worm looks like a verification of an online purchase and contains the following text in the body:
"We have proceeded to charge your credit card for the amount of $326.92 for the mothers day diamond special. We have attached a detailed invoice to this email. Please print out the attachment and keep it in a safe place. Thanks Again and Have a Happy Mothers Day! mothersday@subdimension.com Attachment: mothersday.vbs
Once the invoice is opened, the virus is launched and deletes all .ini and .bat files from local drives and directories. Since these are root files, deleting them could cripple computers, making them unstable if not impossible to boot up.
"The Mother's Day version of this worm is quite cunning," Hypponen said.
Other variants in circulation include one that arrives with the subject line "Susitikim shi vakara kavos puodukui ..." and an attachment that reads "Susitikim .vbs" and another that bears the subject line "fwd: Joke." The attachment is titled "Very Funny.vbs"
Once a virus is released into the wild, other malicious coders often modify the original code and then "liberate" their variants, said a source who admits to "playing" with viruses, and prefers to remain anonymous.
"The ILOVEYOU virus is very tempting. It's a simple code that's easy to alter," he said.
Experts have said the "Love Bug" code is at least a slight variant of the infamous Melissa worm. The perpetrator evidently added to the Melissa framework by building in the action of eating files, specifically JPEGs and MP3s.
The "Love Bug" and its variants are the fastest moving computer virus in history. But the new strains don't seem to be spreading as fast as the original did.
"I suspect it's because many companies have put filters up for attachments," said Catherine Whiting of SecServ, a Manhattan security consultant firm.
Whiting said that the original virus spread through enterprises and government virtually unchecked until about 10 a.m. EDT. "Now people are on guard," she said. "But the new variants, especially the Mother's Day version, may hit home users over the weekend."
She stresses that any and all attachments, even those that appear to come from people that the recipient knows, should be viewed with great suspicion particularly over the next few weeks.
"Did you order anything from this company? Would your friend send a joke as an attachment? Did 50 of your coworkers suddenly decide that they love you?" Whiting said.
"All you have to do is think before you click."
Lycos Inc., the parent company of Wired News, offers a fix for the bug at its site.
http://www.wired.com/news/technology/0,1282,36152,00.html
-- Martin Thompson (mthom1927@aol.com), May 05, 2000
I got the Mother's Day message today. You'd better believe it was deleted and went into my ash heap in a hurry. I didn't even open the original, much less the attachment.
-- JackW (jpayne@webtv.net), May 05, 2000.
The viruses are coming so fast now that I can't even see how McAfee can stay up with them.
-- Loner (loner@bigfoot.com), May 06, 2000.
It's getting to the point where I'm afraid to turn on my computer.
-- LillyLP (lillyLP@aol.com), May 06, 2000.
I'm beginning to believe this could turn out to be a bigger problem than y2k ever hoped to be.
-- Uncle Fred (dogboy45@bigfoot.com), May 06, 2000.