Virus poses as nude Jennifer Lopez photos

[InfoSec News <isn () c4i org>]

http://news.cnet.com/news/0-1003-200-6135045.html?tag=mn_hd

By Greg Sandoval
Staff Writer, CNET News.com 
May 31, 2001, 2:20 p.m. PT 

By promising to display pictures of actress Jennifer Lopez naked, the
destructive Chernobyl virus is again spreading across the Internet via
e-mail.

Antivirus-software maker Panda Software issued an alert Thursday after
receiving about eight reports of the virus, including one from a major
aviation company. The aviation company discovered the problem before
the virus could do any significant damage. Panda has given the virus
its highest rating of potential risk, distribution and destruction.

One of Panda's competitors, Symantec, considers the virus less of a
threat, saying it received only six reports of the virus Wednesday,
indicating that the virus was spreading too slowly to cause any real
damage.

But the Jennifer Lopez files pose a serious threat regardless, said
Steve Demogines, director of tech support at Panda. Hiding behind the
fictitious photos of Lopez is the lethal Chernobyl virus, which can
erase content on files and disable computers.

The other factor that makes the Lopez file dangerous, Demogines said,
is that it uses a "social engineering" technique that could prove
effective. The term social engineering refers to the practice of
coming up with intriguing e-mail subject lines to fool the
unsuspecting into opening virus-infected files.

The Lopez file's suject line reads "Where are you" and the attachment
is titled JenniferLopez_Naked.JPG.VBS.

"Virus writers are still successfully using the social engineering
technique to trick the unwary user," Panda said in a statement
Thursday.

The Jennifer Lopez file is the latest in a string of mass-mailing worm
viruses--copycat versions of the AnnaKournikova virus, which spread
across the globe in February by encouraging victims to click on a
supposed picture of Russian tennis star Anna Kournikova.

The Anna virus had the ability to mail itself to a large number of
Internet users but did not damage computer systems. Its main threat
was that it might clog servers. The virus inside the Lopez file packs
a more destructive payload.

When the W95/CIH virus is unleashed, it goes on a search-and-destroy
mission, Panda said in the statement.

The virus seeks out and overwrites code on specific files on the hard
disk, stripping them of their content. The virus also infects the
Windows installation folder and can disable a computer by overwriting
the motherboard, rendering it useless and preventing a user from
booting up, Demogines said.





ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.