Information Security News mailing list archives
At least 4 major companies crippled by latest virus
From: InfoSec News <isn () C4I ORG>
Date: Tue, 20 Jun 2000 11:55:48 -0500
http://www.techserver.com/noframes/story/0,2294,500218617-500311074-501734893-0,00.html By D. IAN HOPPER, Associated Press WASHINGTON (June 20, 2000 11:15 a.m. EDT http://www.nandotimes.com) - A new computer virus, which resembles a harmless text file, has caused shutdowns of the e-mail systems at four Fortune 100 companies, anti-virus experts said. The virus does no harm to computer files, but similar to May's "Love Bug" virus, simply multiplies by sending itself out to everyone listed in the infected computer's address book. While users are well-warned about VisualBasic attachments, which appear as ".vbs" extensions, the so-called "Stages" virus looks like a text file, complete with ".txt" extension. But the real extension is ".shs," which stands for Windows Shell Scrap Object. A Scrap file can contain anything, including executable and malicious code. The ".shs" extension does not appear even if a user sets Windows to show all file extensions. Microsoft designed this extension to be invisible, and it cannot be changed without entering the operating system's most fragile configuration systems. The virus hit companies in the United States by Friday and began appearing in Australia and Asia over the weekend, David Perry of Trend Micro Inc., a maker of anti-virus software, said Monday. Since then, makers of the popular McAfee anti-virus program have reclassified "Stages" as a larger threat, and said more than 100 of their customers - many major companies and almost all based in the United States - reported infections. One company had more than 5,000 individual users infected. "Due to the infection rate, we're moving it to 'high risk,"' said Sal Viveros, a spokesman for McAfee said. Viveros said an analysis of the virus showed that it was signed by someone named "Zulu," the same author that wrote the "Bubbleboy" virus that appeared last year. "Stages" uses Microsoft Outlook or Outlook Express mail programs to spread, but it can also infect through chat rooms or America Online's ICQ instant messaging software. The e-mail message contains "funny," "life stages" or "jokes" in the subject line. The text of the message reads "the male and female stages of life," with an attachment, "life-stages.txt" or "life-stages.txt.shs." The attachment contains a joke about advancing age. Surprisingly, an anti-virus vendor first warned users about the threat of stealthy ".shs" files containing viruses in August 1998. But this is the first reported ".shs" virus, according to virus experts. Anti-virus companies have issued software updates to catch the new virus and are encouraging businesses to filter incoming mail and delete attachments with the ".shs" suffix. ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- At least 4 major companies crippled by latest virus InfoSec News (Jun 20)