'Naked Wife' virus wreaks havoc on Internet

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

'Naked Wife' virus wreaks havoc on Internet March 7, 2001 Web posted at: 6:49 HKT (0649 GMT)

-------------------------------------------------------------------------------- In this story:

Masquerades as a Flash movie

'Love, sex' make people click

By Richard Stenger CNN.com Writer and Daniel Sieberg CNN.com Technology Editor

(CNN) -- A malicious new Internet bug has infected numerous U.S. corporations, promising luckless e-mailers a video of a "naked wife," computer security firms said Tuesday.

Instead of erotic images, however, the Trojan virus seeks to delete vital system files on the users' computers. Several antivirus companies on Tuesday designated the "Naked Wife" a medium to high risk because of its rapid spread and destructive behavior.

"It is in the wild and the damage is significant," said April Goostree, antivirus research manager for MacAfee.com. "It removes files off Windows and Windows system directories that render the computer inoperable."

What happens: When the worm is run it shows a dialog box that looks like a ShockWave Flash executable animation's dialog, thus confusing many users.

Subject: Fw: Naked Wife

Body: My wife never look like that! ;-) Best Regards, CurrentUser

The CurrentUser section is the name of another infected computer user. At least 18 major corporations in the United States began reporting infections Tuesday morning, Goostree said. Thousands of computers have likely been infected.

The "Naked Wife" comes on the heels of other dubious worms like the "Anna Kournikova" virus that promise enticing pictures.

"This isn't a particularly new or innovative virus. It uses social engineering, promising visual gifts that appeal to baser instincts," said Susan Orbuch, spokeswoman for MicroTrend.

The virus has a more damaging payload than the recent Anna Kournikova epidemic because it deletes hard drive files, Goostree said. The user is essentially forced to reinstall their operating system.

But the "Naked Wife" virus should be less widespread than the "ILOVEYOU" virus, as more people are informed about not opening attachments, she added.

Masquerades as a Flash movie The bug masquerades as a Macromedia Flash movie, using the subject line "Fw: Naked Wife." The e-mail message states that: "My wife never look like that! :-) Best Regards," and then adds the name of the sender.

Those who open the attachment, NakedWife.exe, view a window that reads "JibJab Loading." It then tries to delete all .BMP, .COM, .DLL, .EXE, .INI, and .LOG files in the WINDOWS and WINDOWS/SYSTEMS directories.

It also spreads via Microsoft Outlook, sending out copies to every e-mail address in an infected user's address book.

JibJab Media Inc., which specializes in Flash production, is not involved with the virus. However, the company's logo appears when the attachment is clicked on in order to trick users Users choosing the Help/About menu from the "Flash" window receive an obscene message attributed to: "(C) 2001 by BGK (Bill Gates Killer)."

The logo used in the fake Flash file belongs to JibJab Media Inc., based in Brooklyn, New York. John Nugent, JibJab's vice president of production, said the company is very irate about the logo being used as part of the virus.

"Our concern is that people think it's coming from us, which it's not," said Nugent.

He said many people are familiar with JibJab legitimate Flash productions, possibly leading users to trust the attachment.

The "Naked Wife" virus appears to have originated in the United States, said McAfee.com's Goostree, noting that they received the first report from a national government agency.

Antivirus firm F-Secure Inc. is also warning users to be on the lookout. But while McAfee.com believes it originated in the U.S., F-Secure said that the most probable point of origin is Brazil. Officials at F-Secure added that they have seen only minimal infections so far.

'Love, sex' make people click As with the "ILOVEYOU" and "Anna Kournikova" viruses, deception was used to get people to click on the attachment. In other words, sexual innuendo or suggestions often dupes people into opening a message they would otherwise ignore.

"Love is a pretty good topic to get people to open at attachment," Goostree said. "But sex is an even better one."

To prevent virus infections, antivirus experts recommend that Internet users refrain from opening attachments from unknown sources and that corporate managers consider Internet content filters to block questionable e-mail.

http://asia.cnn.com/2001/TECH/internet/03/06/nakedwife.virus/index.html



-- Martin Thompson (mthom1927@aol.com), March 06, 2001


Moderation questions? read the FAQ