ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Online business Toolkit

Four held in Israel for Goner virus

Wendy McAuliffe ZDNet.co.uk

Published: 10 Dec 2001 11:24 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Four Israeli teenagers have been remanded in custody on suspicion of writing the malicious Goner email worm, which is thought to have spread more rampantly than last year's infamous Love Letter virus.

The high school students, aged 15 and 16, were arrested on Friday night, and were expected to remain in a Tel Aviv jail until Monday. Evidence that linked the boys to the Goner worm (so called because of its reference to what it calls the "Pentagone") was presented to the Northern Branch of the Anti-Fraud Squad on Wednesday. The investigation remains in progress, but under Israeli law, the minors could face between three and five years in jail for distributing such a destructive virus code.

Antivirus firm MessageLabs has detected 6342 incidents of Goner in the last 24 hrs, and more than 133,000 international cases since the worm was first detected on 4 December.

Goner is a mass-mailing Internet worm, written in Visual Basic Script (VBS), and is compressed into the UPX (Ultimate Packer for eXecutables) format, making it harder for antivirus software to detect. It arrives as an email with the subject line "Hi", and disguises itself as a screensaver.

It contains the text: "How are you? When I saw this screensaver, I immediately thought about you. I am in a harry, I promise you will love it!"

When the file is opened in Microsoft Outlook, Goner will attempt to terminate a number of antivirus products installed on the infected computer, and will then delete all files from any directory containing files of those names. Goner also uses the Inernet Relay Chat application called mIRC to install a backdoor, which can be used to launch a Denial of Service (DoS) attack on IRC channels, and on other uses connected to the same IRC channel as the infected user.

The first incident of Goner was detected in the US last Tuesday, but antivirus companies had been receiving a large number of reports from France. The minor spelling error in the body text had indicated that the virus author was not English.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
40 out of 79 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Online business



Company/Topic Alerts

Create a new alert from the list below:










Related Jobs

Java Team Lead Fareham Jsp Multithreading 40,000

Do you love Cisco ?? London- Cisco-LAn-WAN- Projects-Support-40k

Credit Reference Agencies Strategy and Policy Co-ordinator

Sentry Posts Blog

Virtual Teams: Small Business Innovati...

Virtual Teams: Small Business Innovation Author: Eric Everson, Founder – MyMobiSafe.com As the founder of MyMobiSafe.com, I’ve found that because of our presence in the industry... More

Post a comment

Mobile Security and Innovation: An Ope...

Mobile Security and Innovation: An Open Case Author: Eric Everson, Founder MyMobiSafe.com The times are changing in the mobile industry as “big wireless” in the US Markets are calling... More

Post a comment

Government launches new e-crime unit

Ok, so this is outside of my main area of focus of sustainable and green tech but I do track some security issues too. I was at a meeting last week with Microsoft's security advisor... More

Post a comment