Elinor Mills Abreu
SAN FRANCISCO: Computer security experts on Monday warned of a new virus that
deletes files while masquerading as a program that will allow people to vote on
whether the United States should go to war over the Sept. 11 hijacker attacks.
The "Vote Virus," which so far is not widespread, circulates via
e-mail to users of Microsoft Corp.'s Outlook e-mail program, said Simon Perry,
vice president of security solutions at Computer Associates International Inc.
The virus, punctuated by strange grammar and a mix of lower-and upper-case
letters, appears with the subject line: "Peace between America and
Islam!" and the body of the e-mail reads: "Hi. Is it a war against
America or Islam!? Let's vote to live in peace!" Perry and other experts
said.
When the attachment entitled "WTC.exe" is opened, the virus tries
to delete all the files on the computer's hard drive and sends copies of the
e-mail to every address listed in the computer's address book, he said.
The virus also defaces any Web pages that are hosted by an infected computer
to read: "America ... few days will show you what we can do!!! It's our
turn ))) ZaCker is so sorry for you," according to Perry.
In addition the virus, which is a worm because of its self-propagation
capabilities, deletes the Windows directory files, tries to download a
"backdoor" on the computer and unsuccessfully attempts to reformat the
system, said Vincent Gullotto, senior research director of Network Associates
Inc.'s Antivirus Response Team. A "backdoor" would enable someone to
get remote access to the computer without permission.
The virus also can delete antivirus software on the computer, according to
Vincent Weafer, director of Symantec Corp.'s Antivirus Research Center.
Sick sense of humor
The virus is believed to be the work of an opportunist and not associated with
the Sept. 11 jetliner attacks on the World Trade Center and Pentagon in which
nearly 7,000 people feared dead. "There is no evidence that this is related
to the people who carried out" the attacks, Perry said.
Virus writers have discovered that they can easily dupe people into opening
emails by appealing to their prurient interests. For example, popular viruses
have purported to be photos of naked women or love letters, like the "I
Love You" virus that caused an estimated $8.7 billion in global damage last
year.
Researchers are worried that the new, dangerous virus might spread quickly
because of its supposed relation to the debate over US retaliation for the
attacks. "We feel this is likely to get quite a high pickup in that a lot
of people are going to click on this," Perry said. "If the news about
this doesn't get out before people get their e-mails, they're at risk."
Perry said he expects there will be more socially engineered viruses related
to the topic of war and terrorism. "What this is a sick sense of
humor," Perry said. "Chances are this is not any kind of
cyber-terrorism. It's just cyber terror."
"If this was truly politically motivated there would have been more of a
message some place in the code," noted Gullotto.
Few infections so far
While Symantec and Network Associates reported only a couple of customer
infections each, between five and 10 large corporate customers of Computer
Associates have been infected since the virus first appeared on Monday morning,
Perry said.
Researchers do not know where it originated from but it has not yet hit
Europe and Asia, he said. The software companies are working to update their
antivirus programs to detect and protect computers against the new virus,
researchers said.
A free security update for Outlook 2000 that was released about a year ago
automatically blocks it, according to Microsoft spokesman Jim Desler. "We
find it appalling that someone would choose this time and these circumstances to
propagate a virus," he said.
(C) Reuters Limited 2001.