News

New Virus Takes Top Spot in Sophos January Report

A new virus entered the fray this month and achieved the number one position in the Sophos top ten virus report for January 2001.

The virus, W32/Navidad-B, is a spin-off of the W32/Navidad e-mail aware worm and accounted for 20.7 percent of the viruses reported to Sophos. It arrives in an email message with an attachment called EMANUEL.EXE. Once the attached program is launched, it displays a dialog box containing the text ";)" and then attempts to read new email messages and to send itself to the senders' addresses. The worm copies itself into the Windows system directory with the filename WINTASK.EXE and changes the registry so that it runs on Windows startup and before any file is run.

W32/Apology-B continued to be a major problem for IT administrators, ranking as the second most reported virus in January 2001 after holding the top spot in December 2000. A variant of the W32/Apology virus, Apology-B is a file infecting virus with email-aware worm and backdoor characteristics.

When the virus detects the user sending an email, it will send another to the same recipient. Apology-32 also attempts to block user access to Web sites with information about viruses.

Holding the number three position once again was W32/Hybris-B, a worm capable of updating its functionality over the Internet. W32/Hybris-B consists of a base part and a collection of upgradeable components, which are stored within the worm body encrypted with 128-bit strong cryptography.

When run, the worm infects WSOCK32.DLL. Once an infected user sends an email, the worm attempts to send a copy of itself as an attachment to a separate message to the same recipient.

The number four through seven spots were held by VBS/Kakworm, W32/Prolin, W32/Hybris-C, and VBS/Lovelet-AS, all of which held spots in the December 2000 top 10 virus report.

Although it did not have near the effect of Navidad-B, there was also another new virus called W32/Hybris-D that was reported by 2.0 percent of respondents during January. A variant of Hybris-B, this virus shows many of the same characteristics.

Tied for the eighth position with Hybris-D was W32/Qaz, a re-entry into the top 10 after not making the list in the December 2000 report.

A worm that has backdoor Trojan characteristics, Hybris-D will search for a copy of NOTEPAD.EXE and rename it to NOTE.COM. The worm then copies itself to the computer as NOTEPAD.EXE.

Each time NOTEPAD.EXE is executed, the worm will run and then launch the untampered version of NOTE.COM to avoid being noticed by the user.

The worm makes changes to the system registry in order to execute itself every time the system is booted. The real danger is that it allows remote hackers to connect and gain access to the affected computer when it is connected to the Internet.

The final position was held by W32/Bymer-A. Overall, the top ten viruses accounted for 76.5 percent of the viruses reported to Sophos in January 2001. – Jim Martin

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Highlights Emerging Kubernetes Scalability and Governance Efforts

    Microsoft this week highlighted some emerging efforts to improve both the scalability and governance of the open source Kubernetes container orchestration service.

  • Microsoft Ending Azure Container Service Support in 2020

    Microsoft gave notice earlier this month that it will be ending its Azure Container Service on Jan. 31, 2020.

  • Microsoft Releases Surface Diagnostic Toolkit for Business

    Microsoft released a new tool, Surface Diagnostic Toolkit for Business, earlier this month, providing a means for IT pros to find and troubleshoot problems on Microsoft Surface devices.

  • How To Enable Guest Access for Office 365

    While it's possible to give outside users access to certain content in your organization's Office 365 environment, the process of setting them up requires a few extra steps.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.