Eric Lai
SAN FRANCISCO: Viruses that sought to take advantage of the Christmas spirit
left Internet users relatively unscathed this season, more peeved than harmed,
according to a software security expert.
McAfee.com Inc., a major provider of anti-virus software, said it has tracked
about a 1,000 instances of computers being infected by holiday-themed viruses in
the last month and a half.
Most of the reported holiday-themed viruses are so-called worms, which try to
spread themselves quickly through e-mail but tend to cause less damage. There
have been few reports of destructive viruses, according to Ian Hameroff, a
manager at Computer Associates International Inc.
But users should still be wary of e-mails from unknown addresses carrying
suspect files, and delete them immediately rather than opening them, he said.
"Even worms can be modified to become destructive," Hameroff said.
One destructive holiday virus was Kriz, which activates if a user turns on
his computer on December 25th, Christmas Day, and erases all of the files on the
hard drive.
A variant of the Chernobyl, or CIH, virus which devastated computers in 1997,
Kriz can lie dormant year after year if the user doesn't turn his PC on
Christmas Day. All of the major anti-virus software makers have developed
protection against Kriz.
Most of the reported holiday viruses were more like the Navidad worm.
Reportedly originating in Latin America, Navidad sends itself to users via
e-mail which, after users click on a link in the text of the message, says
"Feliz Navidad," Merry Christmas in Spanish.
Navidad sends itself to e-mail addresses listed in the user's Microsoft
Outlook address book, an operation that can cause computer programs to slow and
possibly crash. Reports of Navidad peaked in November but fizzled out by
Christmas.
Another worm, variously called Music or Santa, played the song "We Wish
You A Merry Christmas" on computer speakers as well as spreading itself via
Microsoft Outlook.
One just-emerged worm is Tqll-A, which arrives in users' e-mail box as a mail
called "Happy New Year". Users can activate the worm if they click on
the attachment "happynewyear.txt", which replicates itself by e-mail
and also downloads a file called "Teen.exe" onto the user's computer.
Computer Associates' officials said they have had no reports of Tqll-A
infection yet.
Despite their facade of holiday cheer at this time of year, experts said worm
programs can be destructive in effect, if not intent.
The most infamous worm is the Love Bug, which affected nearly 45 million
people on a single day in May, causing so much e-mail to be sent that Internet
mail servers crashed and traffic worldwide slowed down.
Total damages from lost sales and productivity were estimated at about $7
billion, according to Computer Associates.
(C) Reuters Limited 2000.