Unique Y2K Virus Discovered

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread


[Fair use/educational purposes:]

It's unclear whether the biblical nomenclature was intended to invoke images of Armageddon, but a new and unique type of virus, called "W95.Babylonia," has just been detected, according to the Symantec Antivirus Research Center (SARC).

In an interview with Newsbytes, Vincent Weafer, director of SARC, said that this virus is very complex, that infected computers would be very difficult to fix, and that it is unique in its method of operation.

According to Weafer, the virus, which was first reported to Symantec Monday, was planted in various Internet newsgroups and spread from there. Due to this fact, most of the reports of virus infection have come from home users, rather than business users.

Geographically, the virus has been reported in Europe, the US, and in the Asia/Pacific areas.

The virus is unique because it has the ability to download its viral components from the Internet. When the virus arrives on a PC user's system it will wait until the user makes an Internet connection. When the virus detects that the computer has accessed the Internet, it causes access to be made with a Web server located in Japan. Because the virus has such capability, Weafer said that it is possible for the virus writer to update the virus - and its effects on infected PCs - daily, hourly, or every second.

And, because the virus is updateable, the results of being infected with the virus can also change.

Weafer confirmed that W95.Babylonia is not spread primarily by opening infected e-mail. Rather, the virus is very complex, propagating to other computer users mainly via MIRC, a text-based communications application used to chat over the Internet. When an infected user logs onto MIRC, it will automatically send the virus to everyone within the same MIRC chat room as the infected user.

The virus will be sent as a Y2K bug fix, and once this purported bug fix is executed, it will infect 32-bit EXE program files and also Windows Help files.

According to SARC, the virus will try to modify an infected system to display the following message when the computer is booted:

W95/Babylonia by Vecna (c) 1999 Greetz to RoadKil and VirusBuster Big thankz to sok4ever webmaster Abracos pra galera brazuca!!! --- Eu boto fogo na Babilonia!

Weafer said that the virus, which has gotten a "Medium/High Risk" rating from SARC, can be blocked with a download available from Symantec at http://www.symantec.com .

Reported by Newsbytes.com

-- Steve (hartsman@ticon.net), December 09, 1999


Symantec Anti-Virus Research Center: W95.Babylonia report

-- 123 (1@2.3), December 09, 1999.
