UPDATE - New Virus Shuts Down E-Mail at 4 Fortune 100 Companies


[Fair Use: For Educational and Research Purposes Only]

New virus shuts down e-mail at four Fortune 100 companies

'Funny,' 'Jokes,' or 'Stages' in text

Wednesday, June 21, 2000

Washington --- A new computer virus, which looks like a harmless text file, has caused shutdowns of the e-mail systems at four Fortune 100 companies, anti-virus experts said.

The virus does no harm to computer files, but similar to May's Love Bug virus, simply multiplies by sending itself out to everyone listed in the infected computer's address book.

While users are well-warned about VisualBasic attachments, which appear as ''.vbs'' extensions, the ''Stages'' virus looks like a text file, complete with ''.txt'' extension. But the real extension is ''.shs,'' which stands for Windows Shell Scrap Object. A Scrap file can contain anything, including executable and malicious code.

The ''.shs'' extension does not appear even if a user sets Windows to show all file extensions. Microsoft designed this extension to be invisible, and it cannot be changed without entering the operating system's most fragile configuration systems.

The virus hit companies in the United States by Friday and began appearing in Australia and Asia over the weekend, David Perry of Trend Micro Inc., a maker of anti-virus software, said Monday.

Since then, makers of the popular McAfee anti-virus program have reclassified ''Stages'' as a larger threat and said more than 100 of their customers --- many major companies and almost all based in the United States --- reported infections. One company had more than 5,000 individual users infected.

''Due to the infection rate, we're moving it to 'high risk,' '' said Sal Viveros, a spokesman for McAfee.

Viveros said an analysis of the virus showed that it was signed by someone named ''Zulu,'' the same author that wrote the ''Bubbleboy'' virus that appeared last year.

''Stages'' uses Microsoft Outlook or Outlook Express mail programs to spread, but it can also infect through chat rooms or America Online's ICQ instant messaging software.

The e-mail message contains ''funny,'' ''life stages'' or ''jokes'' in the subject line. The text of the message reads ''the male and female stages of life,'' with an attachment, ''life---stages.txt'' or ''life---stages.txt.shs.'' The attachment contains a joke about advancing age.

Surprisingly, an anti-virus vendor first warned users about the threat of stealthy ''.shs'' files containing viruses in August 1998. But this is the first reported ''.shs'' virus, according to virus experts.

ON THE WEB:

McAfee Anti-Virus: www.mcafee.com

Microsoft security updates: www.microsoft.com/security

http://www.accessatlanta.com/partners/ajc/epaper/editions/today/business_9305e4ecf64df0ae002b.html

-- (Dee360Degree@aol.com), June 21, 2000

Answers

[Fair Use: For Educational and Research Purposes Only]

Tuesday, 20 June, 2000, 19:08 GMT 20:08 UK

FBI issues fresh virus alert

The FBI has launched an investigation into a new e-mail virus that some experts say could cause computer chaos worldwide. The US Government's National Infrastructure Protection Center (NIPC) says the virus replicates itself and sends multiple e-mails.

Warning signs:

Titles include "Lifestages", "Funny" and "Jokes"

File is .SHS type, but extension often hidden

Can look like .TXT file

It does not damage files but could overload e-mail systems.

The latest virus warning comes little more than a month after the Love Bug virus affected millions of computers around the world.

It was so-called because it is contained in innocent-looking electronic-mail messages entitled "I love you".

It was thought to be the fastest-moving and most widespread virus ever seen and prompted many copycat versions.

This new e-mail generally has the title "Life Stages", "Funny" or "Jokes" and might add either "Fw:" to the beginning or "text" to the end of the subject.

The virus is actually an .SHS file, but the extension remains hidden, even if the operating system is set to show file extensions.

This can confuse users into thinking the file is really a .TXT file.

Thousands already hit

Although the virus has been around for nearly a month, the NIPC and anti-virus software companies upgraded their assessment of the virus to high-risk due to the increasing number of computers and systems being affected.

The NIPC said it was investigating the new virus in conjunction with the FBI.

The government-sponsored Computer Emergency Response said thousands of computers or systems were likely to be hit.

"Some individual users have reported receiving as many as 30 copies, and some large sites have reported seeing as many as 120,000 copies passing through a single mail server," CERT said in a statement.

"We have received 18 direct reports involving over 1,100 internet hosts. But the numbers in the reports suggest the scope is larger than what has been reported to the CERT."

"This destructive virus has the potential to create e-mail storms leading to network performance slowdowns and has the ability to install extraneous content on users' systems that can significantly deplete system memory," said software company Network Associates.

http://news.bbc.co.uk/hi/english/business/newsid_799000/799016.stm

-- (Dee360Degree@aol.com), June 21, 2000.
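
A mail-gateway check for the indicators the two articles list (the subject lines, the visible ".txt" decoy and the hidden ".shs" extension), as an added example that is not part of the original posts or of either news article. The function names and the sample messages are constructed for illustration.

```python
import os
import re
from email.message import EmailMessage

# Subject lines reported in the articles above, with the optional "Fw:" prefix
# or "text" suffix the BBC piece describes.
SUBJECT_RE = re.compile(r"^(fw:\s*)?(funny|jokes|life\s?stages)(\s*text)?$", re.I)
HIDDEN_EXTS = {".shs"}   # Shell Scrap Object, hidden by Windows per the articles
DECOY_EXTS = {".txt"}    # the extension the recipient actually sees

def real_extension(filename):
    """Final extension after dropping trailing dots/spaces, which Windows strips."""
    return os.path.splitext(filename.rstrip(". ").lower())[1]

def inspect(msg):
    """Return a list of (rule, value) findings for one parsed message."""
    findings = []
    subject = (msg.get("Subject") or "").strip()
    if SUBJECT_RE.match(subject):
        findings.append(("subject", subject))
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if real_extension(name) in HIDDEN_EXTS:
            findings.append(("hidden-extension", name))
            # What the user would see once the final extension is hidden.
            stem = os.path.splitext(name.rstrip(". "))[0]
            if real_extension(stem) in DECOY_EXTS:
                findings.append(("decoy-double-extension", name))
    return findings

def build(subject, filename):
    """Constructed sample message; the payload is inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("The male and female stages of life")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg

if __name__ == "__main__":
    for m in (build("Fw: Funny", "life---stages.txt.shs"),
              build("Meeting notes", "agenda.txt")):
        print(m["Subject"], "->", inspect(m))
```

The attachment rules are the reliable signal; the subject rule alone matches ordinary mail titled "Funny" or "Jokes" and is better used to raise the score of a message that already carries a hidden-extension attachment.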

