“A new combined worm and virus threat, called Cholera,
has been posted to a hacker’s Web site and has antivirus vendors
scrambling to provide protection before an epidemic spreads akin to
Melissa and Worm.ExploreZip.”
“The worm/virus is currently listed as a medium threat, as it
hasn’t been found ‘in the wild’ infecting user systems, but will
automatically be upgraded to a high threat as soon as it is…”
“Cholera is similar to Worm.ExploreZip as it unleashes a
worm-style attack that will automatically send itself to any e-mail
address it finds on an e-mail system, and therefore carries the
potential to clog and shut down e-mail servers. Cholera is also
not platform-dependent and can operate off of any e-mail
system… At this time, Computer Associates is still investigating
what payload, if any, the virus will deliver.”
“The worm becomes resident when the infected system is rebooted.
Once activated, the worm installs itself by adding keys to
WIN.INI on Windows 9x and the registry on Windows NT. The worm
will also try to copy itself to any shared drives to which the user
is currently connected. Then it proceeds to infect executables in
the directory from where it is launched with a virus named
W32/CTX.”
” ‘It’s sort of a dual thing because of the virus and worm
aspect, so it’s sort of screaming, ‘Build a variant of me,’ ‘
[CA antivirus product manager Narender] Mangalam said.’ “