E-mail Virus Set for New Year's Day
Added: (Sun Dec 05 1999)
Pressbox (Press Release) -
CUPERTINO, Calif. -- A destructive new e-mail virus, which is designed to erase all the data on a computer's hard drive, is set for New Year's Day, computer experts warn.
The virus, dubbed W32.Mypics.Worm, which was discovered Thursday, affects Windows 95, Windows 98 and Windows NT systems and has a destructive payload that triggers at midnight Dec. 31.
"Computer Associates (CA) has identified this worm as having been specifically designed to cause significant damage in the year 2000," said Simon Perry, CA's eTrust business manager. "As the year 2000 quickly approaches, we are starting to see an increased frequency of dangerous viruses."
Appears to have stopped working
Experts said the worm spreads by automatically sending itself to as many as 50 people in the Outlook e-mail address book. The subject line is empty, and the body of the e-mail reads, "Here's some pictures for you!"
The e-mail will also contain a worm program attachment named pics4you.exe (34,304 bytes).
The e-mail attempts to trick the user into believing that the attachment contains images. When the attachment is opened, the program does not display any images and simply seems to have stopped working.
However, the worm stays resident in memory and e-mails itself to as many as 50 people. The worm also changes the home page setting of the Microsoft Internet Explorer browser to a personal Web site at geocities.com, which experts say may then link to an adult site.
Initial problem can be corrected
The Windows registry will also be modified to load the worm into memory every time the computer is rebooted. As a result, the worm will always be present in the computer.
The worm carries two payloads that mimic a Y2K problem.
First, the worm monitors the system clock, and when it detects that the year is 2000, it modifies the system BIOS. On the next reboot, the computer will display a message such as 'CMOS Checksum Invalid' and will not boot.
But this problem supposedly can be corrected by going into the BIOS setup.
Virus is 'in the wild'
After the BIOS settings are corrected, the worm will execute its second payload and will format the hard drive.
Computer security experts have classified the virus as a moderate to high risk and have posted software on their Web sites to prevent users from catching the malicious code. The virus, say the experts, is "in the wild," meaning that it can be sent to unsuspecting computer users.
Perry said it's important for computer users to visit their anti-virus vendor sites and ensure that their anti-virus software is up-to-date in order to remain safe from attack.
By David Noack.