Email viruses alive and kicking in December
January 5, 2001
"Navidad," an email virus, proved to be one of the most annoying holiday missives computer users dealt with in December, according to surveys from several technology companies.
Another pervasive worm, "Prolin"--also known as "Creative"--wreaked havoc as well. This virus, which comes concealed as an Internet movie, was labeled by one antivirus company as a "high risk" threat to computers.
"Despite warnings, users received some unwelcome Christmas presents in the form of new viruses such as...Prolin and Navidad," said Graham Cluley, senior technology consultant at Sophos Anti-Virus, which reported a list of top viruses in December.
"Viruses such as these are increasingly using psychology to tempt users to open attachments, and everyone's New Year's resolution should be to do a double take before they double-click," Graham added.
Other worms prevalent last month included "Love Letter" and "Hybris."
Most of the viruses topping security experts' lists contain mass-mailing capabilities and Windows infectors. Because of their viral nature, these worms spread rapidly and are hard to combat.
"The Win 32 mass-mailer infectors are one of our biggest concerns today--we have seen a dramatic rise in these types of infectors over the last six months," said Vincent Gullotto, senior director of McAfee's Anti-Virus Emergency Response Team (AVERT).
Gullotto estimated that instances of these viruses grew 200 percent last year. "The trend of the Visual Basic Script and Win 32 viruses has dramatically increased in 2000 and we believe will continue to increase in 2001."
The problem with these viruses is that they bog down networks and can be extremely destructive, not only by infecting files but also by taking them over completely, Gullotto said. He pointed to Hybris, Navidad and Prolin as viruses that are chief worries for AVERT.
Gullotto also said the Love Letter virus remains a big problem. It has up to 60 variants because its scripting language, Visual Basic Script, is relatively easy to understand and replicate, Gullotto said. As a result, the variants are harder to detect each time, similar to what happened with the "Melissa" virus that paralyzed corporate email systems in 1999.
Although Navidad infected many email in boxes--including those of numerous Fortune 500 companies--the virus caused more annoyance than destruction.
"While users in general have grown more cautious about opening attachments in their email, the timing and name of this virus did a good job of hiding the threat," said Brad Schrader, president of Mail.com, which issued a similar report on the top 10 viruses.
"Only those who had heard about this specific virus, or were updating their desktop virus software throughout the holiday season, would have been protected," he said.
The "Navidad" virus infects Microsoft's Outlook email application, arriving as a reply when a person sends a message to an infected computer. If the attachment, "navidad.exe," is run, a message in Spanish reads: "Never press this button." If the button is pressed, a further message reads: "Feliz Navidad. Unfortunately you have given in to temptation and will lose your computer."
Similarly, the Prolin virus targets Microsoft's Outlook and Outlook Express email clients and automatically emails itself to a victim's entire email address book, but with no destructive payload. It can, however, crash email servers if it gathers enough steam.
This virus comes in an email with the header, "A great Shockwave flash movie," referring to a popular Internet animation format. It also adds itself to the Windows operating system start-up menu.
Stefanie Olsen, CNET News.com