At least 4 major companies crippled by latest virus

[InfoSec News <isn () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500218617-500311074-501734893-0,00.html

By D. IAN HOPPER, Associated Press

WASHINGTON (June 20, 2000 11:15 a.m. EDT http://www.nandotimes.com) -
A new computer virus, which resembles a harmless text file, has caused
shutdowns of the e-mail systems at four Fortune 100 companies,
anti-virus experts said.

The virus does no harm to computer files, but similar to May's "Love
Bug" virus, simply multiplies by sending itself out to everyone listed
in the infected computer's address book.

While users are well-warned about VisualBasic attachments, which
appear as ".vbs" extensions, the so-called "Stages" virus looks like a
text file, complete with ".txt" extension. But the real extension is
".shs," which stands for Windows Shell Scrap Object. A Scrap file can
contain anything, including executable and malicious code.

The ".shs" extension does not appear even if a user sets Windows to
show all file extensions. Microsoft designed this extension to be
invisible, and it cannot be changed without entering the operating
system's most fragile configuration systems.

The virus hit companies in the United States by Friday and began
appearing in Australia and Asia over the weekend, David Perry of Trend
Micro Inc., a maker of anti-virus software, said Monday.

Since then, makers of the popular McAfee anti-virus program have
reclassified "Stages" as a larger threat, and said more than 100 of
their customers - many major companies and almost all based in the
United States - reported infections. One company had more than 5,000
individual users infected.

"Due to the infection rate, we're moving it to 'high risk,"' said Sal
Viveros, a spokesman for McAfee said.

Viveros said an analysis of the virus showed that it was signed by
someone named "Zulu," the same author that wrote the "Bubbleboy" virus
that appeared last year.

"Stages" uses Microsoft Outlook or Outlook Express mail programs to
spread, but it can also infect through chat rooms or America Online's
ICQ instant messaging software.

The e-mail message contains "funny," "life stages" or "jokes" in the
subject line. The text of the message reads "the male and female
stages of life," with an attachment, "life-stages.txt" or
"life-stages.txt.shs." The attachment contains a joke about advancing
age.

Surprisingly, an anti-virus vendor first warned users about the threat
of stealthy ".shs" files containing viruses in August 1998. But this
is the first reported ".shs" virus, according to virus experts.

Anti-virus companies have issued software updates to catch the new
virus and are encouraging businesses to filter incoming mail and
delete attachments with the ".shs" suffix.

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".