By John Leyden, VNU Net
A computer virus that can phone the emergency services and
even wipe a user’s hard drive has been reported by the Federal
Bureau of Investigation (FBI).
The 911 virus is a batch file worm that propagates across the
internet by scanning for and exploiting computers configured to
share their drives with other users, called Windows shares. This is
different to viruses such as Melissa that spread through email.
The FBI’s National Infrastructure Protection Center, which
rarely comments on viruses, reported a “relatively limited
dissemination of this script in the Houston, Texas area”. Users are
advised to disable file sharing and update their antivirus
software.
Graham Cluely, senior technology consultant at antivirus
software vendor Sophos, said the virus has two variants, both of
which can format a users hard disk. But he said an epidemic is
unlikely because the virus is relatively easy to defend
against.
“The virus uses remote installation using IP addresses and most
people are not so stupid as to set their machine up such that the
root is shareable,” he said.
Jack Clark, European antivirus product manager at Network
Associates, said: “If the virus used email it would present a far
higher risk.”
The malicious code of the 911 virus consists of a large number
of batch files, with an accompanying Visual Basic script. The virus
attempts to access computers within the sub-nets of various IP
addresses.
If the virus manages to access a computer on one of these
sub-nets it creates hidden sub-directories. There is also a one in
three chance that the virus will alter a remote machine’s
autoexec.bat file. The altered file will attempt to unconditionally
format the H:, G:, F:, E:, and D: hard drives when run on the
remote machine. The code then displays an obscene message before
attempting to unconditionally format the C: drive.
The virus may also attempt to dial 911, the emergency service
number in many countries.