As any program seller at any baseball park will confirm, you cant tell the players without a scorecard–and the same might also be said for identifying the plethora of viruses that seem to constantly arise to threaten computer systems.
According to virus software maker Panda Software, over the first six months of 2001, a flurry of viruses–malicious codes that inflict harm on or incapacitate computer systems–have threatened the security of computers worldwide.
The most widespread of these viruses belong to a sub-group known as “worms,” says Los Angeles-based Panda. A worm is a virus that replicates itself by sending itself out to other computers using its victims computer systems, notes Steve Demogines, director of technical support in the United States for Panda.
Based on its experience of the most common viruses detected in the first six months of this year, Panda has released a listing of its top 10 online troublemakers–its own scorecard. The company points out that most of these viruses have been propagated via e-mail and the Internet.
Heading up the list of cyber threats is W32/Magistr (also known as W32/Disembowler), the malicious code most commonly detected this year, says Panda. This virus spreads via an infected file attached to e-mail messages, Demogines explains. “It selects some e-mail address at random and sends itself out.”
Demogines says W32/Magistr is polymorphic, meaning that it can infect different types of files, which makes it more difficult to detect.
How do you know if youve been infected? According to Demogines, youll see strange messages on your screen, such as “Arf, arf, I got you,” along with more obscene greetings.
Despite its fear-inspiring alternate name, however, W32/Magistr is “not super destructive,” says Demogines. “Mainly what it seems to do is just overload the system.”
Taking second place in the virus derby for the first six months of 2001 is I-Worm/MTX, which poses a danger in that it is a virus, a worm and a Trojanall wrapped up in one piece of malicious code, says Panda. A Trojan is a virus that, once it gets into a computer, will allow access to that computer from outside sources.
Also delivered via an attachment to e-mail, this virus seems to specialize in amorous messages in the e-mails subject line, such as “love letter for you,” Demogines explains. The subject line also changes with each instance of access, he adds.
According to Demogines, I-Worm/MTX “loads up the system and causes problems connecting to the Internet.”
Next on the list of virus bad guys is W32/Hybris. According to Panda, this virus can control outbound e-mail and “is also capable of updating itself by downloading plug-ins.” A plug-in is a piece of software that normally updates or adds capabilities to a larger software program.
With this virus, the sender will be “hahaha” and the subject line will be “Snow White and the Seven Dwarfs,” says Demogines. “This one was hard to get rid of,” he notes. “It runs a spiral pattern on your screen and you cant move it aside and cant work around it.”
This virus also replicates itself and sends itself to anyone the user of the infected computer e-mails, Demogines adds.
In fourth place is W32/Navidad.B, a worm that also bears the name Emanuel.EXE, says Demogines. This virus displays an icon and “plays with the user,” he explains. “It says Come on, lets play, then when you click the icon, it says Never press this button, along with various other messages.”
The problem with the playful code is that “it never goes away and stays in front of your screen,” says Demogines.
Next on the cyber list of shame is PrettyPark, a worm that can expose sensitive data, such as passwords or private access keys, to prying eyes, says Panda.
“This ones older; its been around for about two years,” says Demogines of PrettyPark, which spreads via e-mail attachments. It starts with an icon that says South Park (apparently referencing the television program), but when users are lured in by clicking on the icon, they are unable to open up programs or execute commands, he explains.
“It also opens up a back door where it could allow someone access to your Internet passwords or someone outside could create and delete folders on your computer,” adds Demogines.
W32/FunLove.4096 infects Windows files that bear EXE (executable files), OCX (ActiveX Controls) or SCR extensions, says Panda.
Youll know you have it by the message “fun-loving criminals” on your screen, after which your system will spontaneously re-boot, notes Demogines. Then your system will continue to re-boot in this manner.
While the repeated re-boots are a nuisance, Demogines points out that this virus can also overwrite your computers existing files. And once this code gets into a network, it can do the same to all machines on that network.
JS/KAK.WORM is “not a real damaging virus,” according to Demogines. The tricky part of this virus, however, is that it can open from the body of an e-mail message, so you dont have to open an attachment in order to be infected.
Demogines says JS/KAK.WORM “is a nuisance, because when you re-boot your system it [shows] a nonsense message, then you cant get into Windows.”
The virus uses a security hole in Microsoft Outlook Express to insert itself into the AutoSignature (a feature that lets you automatically add text to mail messages) of all outgoing mail, says Panda. The good news, Demogines adds, is that this virus is relatively easy to get rid of using virus detection software.
VBS/HELP, a worm virus, also uses Microsoft Outlook to propagate, hiding in the background of e-mail messages, according to Panda. “If the total of the date and month equals 13 when it is activated, this virus goes from infecting files with an HTM, ASP, VBS and HTT extension and looks for and deletes files with DLL and EXE extensions.”
While Demogines says there have not been many instances of VBS/HELP infections in the United States, “its bad for those who arent protected.”
Number nine on the list of most common viruses for the first six months of 2001 is VBS/Valentin. According to Panda, this virus gets inserted in the AutoSignature of a message and sends itself to all of the entries in the users address book. “It also generates random mobile telephone numbers and sends a text message to them.”
Rounding out the list of viruses is VBS.Homepage.B@mm, a worm designed to send a copy of itself to all the entries in the Outlook address book and to “open the Internet browser at Web pages related to the Uruguayan government,” says Panda.
According to Demogines, this virus doesnt do any particular damage beyond replicating itself and creating a nuisance. It does, however, also try to open pornographic Web sites on the users browserpotentially a very embarrassing situation.
When it comes to preventing virus infection, Panda recommends that users avoid exchanging “joke” files, and that they scan all e-mail attachments with anti-virus software before opening them.
Demogines cautions that even e-mails that seem legitimatecoming from friends or business associatesmay contain viruses unwittingly spread through the senders address list. “Always question the subject of the file itself,” he suggests.
Further information is available at www.pandasecurity.com.
Reproduced from National Underwriter Life & Health/Financial Services Edition, August 27, 2001. Copyright 2001 by The National Underwriter Company in the serial publication. All rights reserved.Copyright in this article as an independent work may be held by the author.