Issue No. 266

25 November - 1 December 1999

New virus strain intercepted in Malta

by David Kelleher

A new quick-spreading computer virus that can reformat a victim's computer hard drive on Christmas Day has been detected, and already appears to have cropped up on three continents.

Contacted yesterday, a spokesperson for Technology in Management Ltd told The Malta Business Weekly that the virus, dubbed Prilissa, had been intercepted locally.

Prilissa is a combination of Melissa, an earlier virulent virus spread via e-mail, and another programme called PRI. According to virus analysts it follows an increasingly common trend of using security holes in Microsoft's Outlook and Outlook Express to spread itself through e-mail.

"Come Christmas day, you could turn on your computer to play a new game or whatever, and it reformats your hard drive," said Sal Viveros, group marketing manager for the antivirus division of Network Associates.

While potentially dangerous for users, the increased visibility of these viruses has been a boon for antivirus companies such as Network Associates and Trend Micro, which have seen sales of antivirus software skyrocket.

Researchers at Network Associates antivirus labs said they discovered Prilissa earlier last week and deemed it a low risk, since it had not yet surfaced "in the wild", or on the Internet at large.

However, they underestimated its impact and at least 10 large companies in Europe, the US and Australia reported incidences of the virus on their systems.

The code draws from both of its predecessors. Like Melissa, the virus comes as an attachment in an e-mail. Once opened, the virus will e-mail itself to the first 50 addresses in an infected computer's e-mail contact list. From the PRI code, it inserts random coloured squares into a user's documents.

But unlike its predecessors, which mostly only led to excessive e-mail traffic, Prilissa carries a destructive kick. If opened, a user's hard drive could get re-configured.

The virus appears in mailboxes purporting to be a message from the last infected user. The body of an e-mail will read "This document is very important and you've GOT to read this!"

The document itself can be whatever Microsoft Word file the last victim was using when the virus sent itself out, raising the risk that confidential documents could accidentally be released to a huge number of people.

Although the virus can only replicate itself through Microsoft Outlook, the payload can infect any PC running Windows 95 or 98. Put another way, consumers who use Eudora Pro can get infected, but they cannot spread the virus.

Unlike a dangerous new variant seen with the "Bubbleboy" virus, Prilissa requires a victim to click on the infected e-mail attachment in order to launch itself and infect the user's computer.

The best way to stop the virus is to ensure that you have anti-virus software installed on your computer up-dated with the latest virus definitions.

  © Standard Publications Limited 1999