The end of December is the holiday season, but it is also becoming the Virus season. And now, as Y2K is approaching, we can expect a large number of new Viruses to surface.
Virus writers try to take advantage of the Y2K fears and get publicity for their new Y2K-related Viruses. Some Viruses are not Y2K-specific, but they will use the massive amount of communication that usually takes place in this season to spread and wreak havoc.
Credit:
For more information about the above Viruses:
Fix2001
MyPics
Grinch
Kriz
Chantal
Babylonia
The fact that the author of the Melissa Macro Virus was sent to jail does not discourage Virus writers. On the contrary: Melissa was a harmless Virus that did no direct damage when it infected. The only damage came from the fact that it propagated at such an amazing rate, clogging up mail servers and wasting bandwidth. A devastating Virus that does real and intensive damage will get much more publicity (and "fame") for its author(s).
This causes Virus makers to make their Viruses more and more sophisticated, in the never-ending battle against anti-virus applications. Viruses that spread through the Internet can infect thousands of computer users before the anti-virus makers can produce an 'antidote' - not to mention the time it takes users to upgrade their anti-virus applications.
Babylonia
A dangerous example of such a Virus is the Babylonia Virus. This Virus implements many features of recently released Viruses:
* It spreads via e-mail (by patching the Winsock DLL file).
* It infects system files with copies of itself.
* It infects Windows help files (which makes it extremely difficult to find and remove, since most virus scanners do not scan help files).
And on top of those, it can spread via IRC (if the user is using the popular mIRC IRC program).
All these methods of replication are reimplementations of techniques from previous Viruses, but Babylonia combines them all to produce a Virus that can spread in so many ways that it is likely to reach a huge number of users.
In order to help itself spread, the Virus uses a nice social-engineering technique: It disguises itself as a fix for the Y2K problem. But instead of fixing the computer, the Virus does something that no other Virus has done before: It contacts a web site in Japan in an attempt to download a plug-in module for itself. This amazing feature allows the Virus to be updated remotely, making it easy for the author to change the Virus's behavior. The only good news about this Virus is that it only infects Windows 95 machines.
MyPics
Among the other Viruses that are expected to cause their share of problems is the MyPics Virus, which also spreads by e-mail and attacks on January 1st. This Virus attempts to delete the data from all the local hard drives, but it disguises this as a Y2K problem.
Others
The Chantal Virus also triggers on January 1st, 2000. This Virus deletes all files from the root directory (C:\), and it spreads via MS Word files.
As if those weren't enough, the Kriz Virus triggers on December 29th, and the Fix2001 Trojan masquerades as a Y2K fix, but instead of fixing anything, it erases the entire hard drive (immediately?).
Solutions?
Unfortunately, we don't have many solutions to offer. The usual Virus rules apply here, too: Keep your anti-virus software updated, and never open attachments sent to you by e-mail unless you are expecting to receive one. Running an up-to-date anti-virus to check that specific file before opening it is also always a good measure. But those rules aren't enough anymore. Viruses now spread via IRC channels, and you can get infected from the Word document you received from your colleague. But the worst news is, there's a good chance the Virus is so new that your freshly updated anti-virus won't catch it (or that it updated itself to be totally hidden).