New Virus

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

W95.Babylonia

Detected as: W95.Babylonia
Infection Length: 11,036 bytes
Likelihood: Common
Detected on: Dec 7, 1999
Region Reported: Europe, US, Asia-Pacific

Characteristics: MIRC, Y2K, Internet, Windows Help file

W95.Babylonia was discovered on Dec 6, 1999. The virus was created by a member of the 29A virus writing group. It was originally posted to an Internet news group as a Windows Help file named serialz.hlp and appeared to be a list of serial numbers for commercial software. When this Windows help file is launched, it will introduce the virus into the computer system. Symantec AntiVirus Research Center has received over 20 submissions of this new virus as of Dec 6 and believes it is spreading quickly world-wide.

W95.Babylonia is a very complex virus that propagates mainly to other computer users via MIRC. MIRC is a text based communication application used to chat over the Internet. When an infected user logs onto MIRC, it will automatically send the virus to everyone within the same MIRC chat room as the infected user. The virus will be sent as a Y2K bug fix. Once this file (Y2K bug fix) is executed, it will infect other 32-bit EXE program files as well as Windows Help files.

The virus will try to modify the system to display the following message when booting the infected computer:

W95/Babylonia by Vecna (c) 1999 Greetz to RoadKil and VirusBuster Big thankz to sok4ever webmaster Abracos pra galera brazuca!!! --- Eu boto fogo na Babilonia!

The virus will also send an email to babylonia_counter@hotmail.com to track infected computers.

The most interesting part of the virus is the ability to download the viral components of the virus from the Internet. When the virus is executed, the virus will wait for an Internet connection. When it detects that the computer can access the Internet, it will download several files from a web server in Japan.

Because the virus has such capability, it is possible for the virus writer to update the virus centrally.

-- Joe Public (joe@lookout.com), December 07, 1999

Answers

Thanks, Joe--a freaking virus writing GROUP???

-- Mara (MaraWayne@aol.com), December 07, 1999.

Enough of this and folks will start "islanding" their PCs, and there goes the Internet--and E-commerce!

JJ

-- Jeremiah Jetson (laterthan@uthink.y2k), December 07, 1999.


Interesting JOE... I went to Symantec's website and did a search for W95.Babylonia and nothing showed up. I did this because I attempted an auto-update on my Norton's Antivirus and it said it was already up to date. I checked the virus list and didn't find this virus present either. Odd, Symantec's usually right on top of things.

beej

-- beej (beej@ppbbs.com), December 07, 1999.


Thanks, Joe--a freaking virus writing GROUP???

Actually Mara, they are a virus writers' guild. Their wage scale starts at $48 an hour, but that is only for apprentices; it goes up considerably for journeymen and the benefits are the envy of everyone in the IT industry. I wonder if the gubmint is paying them. And which gubmint it is that is paying them?

-- Butt Nugget (catsbutt@umailme.com), December 07, 1999.


W95 Babylonia at Symantec AntiVirus Research Center

-- Rob (rob@planet.rob), December 08, 1999.


Very ingenious. Aum Shin-ro-kyou, perhaps?

Avoid using MIRC chat and you're home free. But what next?

"Who knows what evil lurks...etc."

-- Tom Carey (tomcarey@mindspring.com), December 08, 1999.

