Computer virus insults victims

[InfoSec News <isn () c4i org>]

Forwarded from: Elyn Wollensky <elyn () consect com>

http://news.bbc.co.uk/2/hi/technology/2523387.stm

Friday, 29 November, 2002

Security experts are warning computer users to be on the look-out for
an insulting worm that can seriously harm a PC.

Known as Winevar, the worm is spreading via e-mail as an attachment
that infects computers running Windows.

Winevar has a particularly rude insult, displaying the message: "Make
a fool of oneself: What a foolish thing you've done!"

If users press the ok button, they could lose all the files on their
computer.

Security links

After infecting a system, the worm disabled security software and
anti-virus programs, launching the W32FunLove.4099 virus.

The worm arrives with the subject line of "Re: AVAR (Association of
Anti-Virus Asia Researchers).

Anti-virus firm Sophos suspects the author has links to the recent
AVAR conference held in Korea.

"Ironically the Winevar worm author seems to have got his inspiration
from a conference intended to reduce the impact of computer viruses,"
said Graham Cluley, Senior Technology Consultant for Sophos.

CEO danger

As part of its payload, Winevar attempts to launch a denial-of-service
attack on the website of US security firm Symantec.

Another side effect of the virus is its ability to change a computer's
settings to create an imaginary file extension ".ceo".

Any future viruses sent with this file extension will be automatically
run on the computer.

"It is quite amusing that in the post-Enron world we find that CEOs
can be dangerous to your PC," said Mr Cluley.

Anti-virus firms have posted information about the worm and users are
advised to check out their websites to find out how to protect
themselves and clean up their PCs.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.