Resistant virus strains to hit the Net?
Published: 15 Jun 1999 08:04 BST
"We seem to have a Darwinian evolution of viruses going on," said Abner Germanow, an analyst at International Data Corp. in Framingham, Mass. "The viruses are becoming more powerful."
While Melissa, which struck in March, spread fast, it was merely an annoyance for most companies. And the April attack of CIH (sometimes called Chernobyl) did a great deal of damage, but the virus took more than a year to spread.
But the ExploreZip virus is sort of a digital platypus. It combines features of its two predecessors, using e-mail to spread like Melissa and deleting files like the malicious CIH.
That makes ExploreZip a whole lot deadlier. Not only does the virus spread more quickly, but its method of wiping out files is more effective than CIH, said Greg Olson, operations manager at data recovery firm Ontrack International Inc.
Unlike CIH, which deletes the file allocation table -- the road map to the files on the disk -- in the first 1MB of the hard drive, ExploreZip creates a file of zero length and then names it the same as an existing Word, Excel, PowerPoint, C or C++ file, essentially overwriting the original file.
"Recovery is more difficult than (with) the CIH virus," he said. "But in most cases, we've been able to recover at least some of the data."
The company has had more than 100 customers call for services, with an average of 50 PCs downed per company.
That means that the majority of the companies hit by the virus have lost at least some data.
Network administrators at game company Electronic Arts Inc. worked late Thursday and part of Friday last week to recover data from system backups.
"We back up to tape every night," said Vicki Gordon, director of operations and networking for the game publisher. "About a quarter of our users lost a day or so of work. Those not on the backup service lost all their documents."
But a more subtle form of evolution is in the virus' packaging. Wrapped in an e-mail seemingly from a known user, ExploreZip is camouflaged, which helped it gain entry into the networks of Microsoft Corp., Intel Corp., Boeing, AT&T and other major companies.
"The social engineering on this virus is astounding," said David Perry, researcher with anti-virus firm Trend Micro Inc. All viruses in existence today need the user, or someone in the user's workgroup, to act in some way -- usually to open an e-mail attachment. That's what so-called social engineering is designed to do. Increasingly, the package in which the virus is embedded looks respectable enough to fool users into opening it.
These sorts of evolutions are not new, said IDC's Germanow. "It's not so much the start of a trend, but the continuation of one that has been there for a while," he said.
It's survival of the fittest in the digital world. Seeing their futures tied to that simple concept, companies are beefing up their Internet security and policies. With three major virus incidents slamming Internet-connected companies in the past four months, these companies are taking Internet security more seriously.
Electronic Arts, for example, is sitting down for a heart-to-heart with its anti-virus software provider, said EA's Gordon. "The virus was first discovered on Sunday," she said. "We didn't find out about it until Thursday. That's a problem."
Many, however, are responding in the wrong way, said virus expert Rob Rosenberger, Webmaster of the Computer Virus Myths Web page. "Companies are starting a trend of precautionary shutdowns," he said. "They are not aware of what their users are doing on the Internet, so when they encounter a virus, they shut down just to make sure."
With companies finding out the hard way the value of their information, those sorts of shutdowns may only increase. But IDC's Germanow points out that such a solution can be as bad as the problem itself.
"As little as two years ago, if e-mail went down for two hours, it wasn't a big deal. Today, it's enormous."





