Virus Alert

by a friend Wednesday, Sep. 26, 2001 at 7:28 AM

I'm not sure if reprinting is allowed here but this seemed kinda important.

By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - Computer security experts on

Monday warned of a new virus that deletes files while

masquerading as a program that will allow people to vote on

whether the United States should go to war over the Sept. 11

hijacker attacks.

The "Vote Virus", which so far is not wide spread,

circulates via e-mail to users of Microsoft Corp.'s Outlook e-mail program, said Simon Perry, vice president of

security solutions at Computer Associates International Inc.

The virus, punctuated by strange grammar and a mix of

lower- and upper-case letters, appears with the subject line: "Peace between America and Islam!" and the body of the e-mail reads: "Hi. Is it a war against America or Islam!? Let's vote to live in peace!" Perry and other experts said.

When the attachment entitled "WTC.exe" is opened, the virus

tries to delete all the files on the computer's hard drive and sends copies of the e-mail to every address listed in the computer's address book, he said.

The virus also defaces any Web pages that are hosted by an

infected computer to read: "America ... few days will show you what we can do!!! It's our turn ))) ZaCker is so sorry for you," according to Perry.

In addition the virus, which is a worm because of its

self-propagation capabilities, deletes the Windows directory

files, tries to download a "backdoor" on the computer and

unsuccessfully attempts to reformat the system, said Vincent

Gullotto, senior research director of Network Associates Inc.'s Antivirus Response Team. A "backdoor" would enable

someone to get remote access to the computer without

permission.

The virus also can delete antivirus software on the

computer, according to Vincent Weafer, director of Symantec

Corp.'s Antivirus Research Center.

SICK SENSE OF HUMOR

The virus is believed to be the work of an opportunist and

not associated with the Sept. 11 jetliner attacks on the World Trade Center and Pentagon in which nearly 7,000 people feared dead.

"There is no evidence that this is related to the people

who carried out" the attacks, Perry said.

Virus writers have discovered that they can easily dupe

people into opening emails by appealing to their prurient

interests.

For example, popular viruses have purported to be photos of

naked women or love letters, like the "I Love You" virus that caused an estimated .7 billion in global damage last year.

Researchers are worried that the new, dangerous virus might

spread quickly because of its supposed relation to the debate over U.S. retaliation for the attacks.

"We feel this is likely to get quite a high pickup in that

a lot of people are going to click on this," Perry said. "If

the news about this doesn't get out before people get their

e-mails, they're at risk."

Perry said he expects there will be more socially

engineered viruses related to the topic of war and terrorism.

"What this is a sick sense of humor," Perry said. "Chances

are this is not any kind of cyber-terrorism. It's just cyber

terror."

"If this was truly politically motivated there would have

been more of a message some place in the code," noted Gullotto.

FEW INFECTIONS SO FAR

While Symantec and Network Associates reported only a

couple of customer infections each, between five and 10 large corporate customers of Computer Associates have been infected since the virus first appeared on Monday morning, Perry said.

Researchers do not know where it originated from but it has

not yet hit Europe and Asia, he said.

The software companies are working to update their

antivirus programs to detect and protect computers against the new virus, researchers said.

Original: Virus Alert