Holiday virus threats continue unabated

Viruses continue to pop up at an unrelenting rate as the holiday season nears full bloom, and in direct response, anti-virus vendors are standing firm by their vigil to inform the public of each one they deem as threatening, no matter how often those announcements may occur.

On Friday, computer users and administrators were not only warned about WIN32.ICQGREETING.WORM, a new variant of last week's "Mypics" Y2K virus, but also were reminded that a virus first discovered last August, W97M/Thus, also known as the "Thursday" virus, is set to activate its file-wiping payload on Monday, December 13.

The Thursday virus is a Word 97 macro virus that infects the normal.dot template within Microsoft Word 97. The virus turns the Word 97 Macro Warning feature off, and will infect any Word documents opened or created on that machine from that point on. If a computer system is left defenseless by this attack on Monday's "trigger date," the virus could completely delete a user's C: drive and subdirectories, said Sal Viveros, director of McAfee Total Virus Defense at Network Associates.

"If someone does have it, they're going to lose a lot of files," said Viveros, who noted that users can access www.nai.co. and www.mcafee.co. to update their anti-virus protection systems, or conduct a free online scan to see if they are in danger of Monday's planned assault.

The ICQGREETING worm is spread by mass e-mail using Microsoft Outlook. It seeks to destroy a user's data and applications by reformatting their disk drives on January 1, 2000. ICQGREETING has much bigger aspirations than its Mypics predecessor, because it attempts to format the D:, E:, A:, F:,U:, and B: drives. MyPics sought to wipe out only the C: and D: drives.

However, one key design flaw incorporated into the ICQGREETING worm drastically limits its effectiveness, said Narender Mangalam, director of security at Computer Associates International.

"It really doesn't work," said Mangalam. "In his hurry to get it out, the virus maker left all sorts of bugs in the code."

Magalam did note that the mass-mail aspect of the worm works fine, and one large company has contacted CA to report that its e-mail system was shut down because of it.

Dan Schrader, vice-president of New Technology for Trend Micro, said all of the media hype surrounding viruses is at least keeping the potential danger in front of the public.

"That's a thing about all this publicity: people are being informed," Schrader said. "Some people will read these articles and be more careful."

Join the newsletter!

Error: Please check your email address.

More about CA TechnologiesMcAfee AustraliaMicrosoftNAITrend Micro Australia

Show Comments

Market Place