Christmas virus strikes 10 top-tier companies

[William Knowles <wk () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500278452-500436438-502784269-0,00.html

WASHINGTON (November 10, 2000 3:37 p.m. EST http://www.nandotimes.com)
- Computers in at least 10 Fortune 500 companies have been infected
recently by a Christmas-themed virus that security experts call
"Navidad."

The virus, which affects computers using Microsoft's Windows operating
system, arrives as a reply when a user sends an e-mail to an infected
computer. The attachment, called "NAVIDAD.EXE," is mainly in Spanish,
and antivirus experts believe the virus came from South America.

"We've seen at least 100 samples over the last 4 days, including at
least 10 Fortune 500 companies," said Vincent Gullotto, top antivirus
researcher at security company McAfee.com, adding that many of the
virus-ridden e-mails have come from Brazil and Cuba.

When a person opens the Navidad attachment - something security
experts always warn against unless the user knows what the attachment
is - a message in Spanish reads: "Never press this button." If the
button is pressed, a message says: "Feliz Navidad. Unfortunately you
have given in to temptation and will lose your computer."

But the computer isn't damaged, which Gullotto says may be because the
virus is designed for the Spanish version of Windows. But the virus
does place on the computer's desktop an icon that looks like an eye,
which stops most programs from being run.

"It's not destructive, but it may cause your Windows system to lock
up," Gullotto said. The program can be stopped manually, and several
antivirus companies have developed software that both removes and
protects against the virus.

Several viruses in the past have taken holiday themes. One that
appeared last year only damaged an infected computer on Christmas Day.

But while the virus doesn't damage computers, security companies are
still warning their customers because Navidad is spreading fast among
large corporations. One security expert familiar with the virus, who
spoke on the condition of anonymity, said both the petroleum company
ExxonMobil and computer chipmaker Intel have been hit by Navidad.

As with any virus, experts suggest that consumers install an antivirus
program and keep it updated at least once a month. They also recommend
using an antivirus scanner to check an e-mail attachment before
clicking on it.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".