9 - 15 December 1999

Challenge 2000 warning on computer viruses

by David Kelleher

Anti-virus experts have issued various warnings about a number of harmful viruses expected to strike around over the coming holiday season. IT managers and security experts have been advised to brace themselves for an outbreak of known and dangerous strains and clones over the Christmas and New Year period.

The expected trigger dates and the virulent language of the messages displayed appear timed to gain maximum publicity for the virus. Moreover virus authors who have set a trigger date around the new year are hoping to get maximum impact on systems and users who could already be stressed by Year 2000 issues.

Experts are anticipating a self-propagating virus called W97M Prilissa A to cause most damage. This potent virus has already been detected on computer systems worldwide but there has been no reported damage since the virus is triggered to activate itself on Christmas Day.

This virus is a combination of the notorious Melissa virus, which hit a large number of companies this year, and a programme called PRI. Since it arrives via e-mail, computer users have been warned to be on the lookout for any e-mail message with a subject line that reads, "This document is very important and you've GOT to read this!"

If the infected document is opened Prilissa exploits a hole in Microsoft Outlook and Outlook Express that enables it to automatically mail itself together with the last Word document opened, to the first 50 people in the infected user's Outlook address book disguised as a genuine message from the infected user.

Furthermore it will display the following text:"©1999-CyberNET Vine...Vide...Vice...Moslem Power Never End...You Dare Rise Against Me...The Human Era is Over, The CyberNet Era Has Come [OK]!!!" after which it overwrites the AUTOEXEC.BAT file and formats the C: drive.

Antivirus experts have also reported other Windows viruses set to activate on 25 December as well as on and during the millennium roll-over.

One of these viruses is known as Win32.Kriz, Win32Kriz.3740 or Win32.Kriz.3862 and is similar to the Chernobyl virus, which struck users in Europe and Asia earlier this year.

Besides corrupting files, it is also programmed to destroy a computer's flash BIOS resulting in users being unable to boot their computers properly or control the cursor.

In view of the expected outbreaks, anti-virus software companies have designated the period from 24 December to 15 January as a time when computer users should be in a heightened state of alert. Users and system administrators must incorporate proper anti-virus strategies in their Year 2000 compliance and contingency plans to protect and counteract these potential virus attacks as systems which are compliant could easily become unavailable if infected.

Local users should ensure that they have installed the latest versions of their anti-virus software and virus signatures to ensure protection from any malicious computer virus. Further information can be obtained from the local anti-virus software suppliers.