Main Page | Bracing for Cyberwar | Hacking Primer | Scenes from the 'Hacker Underground' | Hacking: Two Viewpoints | Timeline | Gallery | News Archive | Discussion | Related Sites

From...

by Stacy Collett

(IDG) -- A new virus that appears in e-mail files with the subject line "Check this" creates links to adult Web sites, then searches through an infected system's address book and automatically sends the e-mail to those names. It isn't known how many PCs have been infected with the virus.

Observers said the scam is more embarrassing than destructive to computer systems because e-mails touting the porn site appear to be coming from the address book's owner.

	ALSO
Y2K problems compounded by panic, viruses

According to antivirus vendor Network Associates Inc., the Visual Basic script worm distributes itself as an e-mail attachment and attempts to involve two common Internet relay chat clients, which are programs used to chat online. The "to" field of the e-mail is always empty, and the e-mail subject appears as "Check this."

Bracing for Cyberwar Hacking Primer Hacking: Two Views Timeline Gallery Discussion TIME: Counterhacking 101 Related Sites

The e-mail body has the attachment "links.vbs." When someone opens that attachment on a system that supports Windows scripting, which is usually installed by default on Windows 98 and Windows 2000, the worm deposits two Visual Basic script files on the system. A message box then displays "DesktopFREE XXX LINKS.URL" and asks if the recipient wants to continue. If the person replies "yes," a desktop shortcut symbol "FREEXXX LINKS" is created, linking to an adult Web site.

The worm also searches all address entries if Microsoft Outlook 98 or Outlook 2000 are running, Network Associates said.