
December 15, 1999
The Coming Plague Year
Bio: Fred Langa is a senior consulting editor and columnist for Windows Magazine. Fred's free weekly newsletter is available via subscribe@langa.com. You can contact him at fred@langa.com or via his website at http://www.langa.com.
Here's a prediction: Year 2000 won't be remembered so much for the date-rollover problems (which will likely be minor in most of the developed world); instead, it will be remembered as a plague year online, rife with an astonishing number of virulent, fast-replicating worms and viruses.
In fact, the plague is already starting: In just the last few weeks, we've seen four major outbreaks:
1) W97M.Prilissa.A is like the Melissa virus, but worse: It can reformat your hard drive. It's designed to trigger itself on December 25th. (And a Merry Christmas to you too.) So far, it's mainly a threat to users of Microsoft Outlook, but it could--and probably will--be modified.
2) The W32.Mypics.Worm arrives as an E-mail with the subject line "Here's some pictures for you!" and with an attachment called "pics4you.exe." When you (or your coworkers) run it, nothing seems to happen, but what goes on behind the scenes is (1) the worm infects the system with a deadly bug that will cause major trouble on January 1, 2000; and (2) it sends itself to 50 people on your Outlook address list. The W32.Mypics.Worm New Year's "payload" is ugly: Even if the system is year 2000 compliant, the worm will simulate a BIOS problem and cause the system to halt with a "CMOS Checksum Invalid" message. That's not too bad in itself; it can be fixed by re-entering the BIOS values. But upon reboot, the real nastiness starts: The worm then reformats the hard drive.
3) The Worm.ExploreZip(pack) worm is also a self-propagating E-mail; it arrives with the message: "I received your E-mail, and I shall send you a reply ASAP. Till then, take a look at the attached zipped docs." The "attached zipped docs" are a file called "zipped_files.exe." When Worm.ExploreZip(pack) runs, it searches all hard drives on your machine, and any it can reach via a network, and deletes all files with any of the following extensions: .h, .c, .cpp, .asm, .doc, .xls, .ppt. This worm is a compressed variant of the original Explore.zip worm that arrived a while ago; because this version has been compressed, it may slip past your antivirus scans if your virus definitions aren't fully up to date.
4) Then there's W97M.Melissa.AA, yet another variant of the now-classic Melissa virus/worm. It arrives as an E-mail with the subject line "Duhalde Presidente
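The Mypics and ExploreZip items above both arrive as an E-mail carrying a Windows executable, and the compressed ExploreZip variant can get past a scanner whose definitions are stale. As an added example (not part of the original column), here is a gateway-side attachment check that does not depend on virus definitions. The extension list, function names, addresses and sample messages are assumptions constructed for illustration.

```python
import email
import os
from email.message import EmailMessage

# Assumed policy list of attachment types a gateway refuses outright.
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs"}

def is_windows_executable(payload: bytes) -> bool:
    """DOS/PE executables begin with the bytes 'MZ', whatever the file is called."""
    return payload[:2] == b"MZ"

def blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every attachment the policy rejects."""
    msg = email.message_from_bytes(raw_message)
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue  # body text or a multipart container, not an attachment
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(filename)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            findings.append((filename, "blocked extension " + ext))
        elif is_windows_executable(payload):
            # The name looks harmless but the content is an executable.
            findings.append((filename, "executable content, mislabeled"))
    return findings

def build_sample(subject: str, filename: str, content: bytes) -> bytes:
    """Constructed test message; attachment bytes are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"
    msg["To"] = "you@example.com"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(content, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    placeholder = b"MZ" + b"\x00" * 16  # only the two-byte header, nothing runnable
    samples = [
        ("Here's some pictures for you!", "pics4you.exe", placeholder),
        ("Re: your E-mail", "zipped_files.exe", placeholder),
        ("Holiday photo", "photo.jpg", placeholder),
        ("Meeting notes", "notes.txt", b"Agenda for Monday"),
    ]
    for subject, name, data in samples:
        print(subject, "->", blocked_attachments(build_sample(subject, name, data)))
```

Because the decision rests on attachment type rather than a signature match, a repacked variant of a known worm is held at the server just like the original.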
I know some readers are already formulating E-mails that go something like "Gee, Fred, those are all Wintel/Microsoft/PC problems. Just switch to Apple/Linux/any non-Microsoft product, and all will be well!"
If only it were that simple. No general-purpose operating system is 100% virus- or worm-proof. Mac, for example, has its share of worms; and Linux got its first viral infectors way back in 1997. No, there hasn't been as much activity in these areas as in the Wintel arena, but that's mainly because hackers want infamy, and that means they concentrate on the high-market-share operating system by which they can affect huge numbers of people and thus get their "work" mentioned on the network news or on the cover of Time or Newsweek.
However, as more and more users try non-Microsoft and non-PC solutions, these alternatives will become a more-inviting target for sociopathic hackers: the more users, the bigger the chance to make a splash.
And when that happens, watch out: Because platforms such as the MacOS and Linux have gotten relatively little attention from malicious hackers in the past, few users of these operating systems bother with any virus protection at all.
So it, indeed, looks like a plague year is upon us. Most of the activity will be where most of the people are--on the Wintel platform. But no one will be immune.
It probably also will be a banner year for antivirus solutions, from old standby freeware solutions such as Tripwire for Linux through the full-blown commercial offerings.
But what's your take? Do you think the recent upsurge in destructive viruses is a temporary anomaly, or a portent of things to come? Have you or your business instituted formal, proactive antivirus procedures, or do you rely on casual or reactive measures? Is it better to scan for viruses at the server or firewall, or at the desktop, or both? What products have you found especially noteworthy? Join in the discussion!