Holiday-themed virus deletes Windows

By SCOTT R. BURNELL, UPI Science News  |  Dec. 19, 2001 at 4:53 PM
share with facebook
share with twitter

WASHINGTON, Dec. 19 (UPI) -- An e-mail virus bearing Christmas and New Year tidings will cripple Windows-based PCs if opened, computer security companies warned Wednesday.

The virus, variously called Reeezak.A, Zacker.C or Maldal.C, appeared in the United Kingdom early Wednesday morning, according to both Islandia, N.Y.-based Computer Associates and Santa Clara, Calif.-based Network Associates.

Infected messages carry a subject line of "Happy New Year!" and have a "Christmas.exe" attachment, which displays the icon of a Flash multimedia file. The malicious payload includes some Christmas-themed animation to distract a user from the file's serious contents, said Vincent Gullotto, director of Network Associates' AVERT antivirus center.

The program's most damaging act is to delete all the files in a computer's Windows system directory. This will completely disable the PC until the operating system can be reinstalled, Gullotto told United Press International. The virus also will attempt to delete several varieties of antivirus software programs, he said.

Reeezak also attempts to send itself to every person in a victim's Microsoft Outlook address book, said Ian Hameroff, Computer Associates' director of antivirus solutions. The virus could also try to disable several keys on an infected computer's keyboard, he told UPI.

Reeezak's holiday references are typical of the social engineering tricks used to get people to unwittingly spread viruses, Hameroff said, and should serve as a reminder for people to take computer security seriously.

"It's better to take a few minutes to make sure someone meant to send you an e-mail than to take hours restoring your computer files," Hameroff said.

The CERT Coordination Center, an organization at Carnegie Mellon University in Pittsburgh that studies computer vulnerabilities and disseminates warning information, is aware of the virus but has yet to receive any direct reports of it, said Bill Pollak, the center's spokesman.

Both Hameroff and Gullotto said some antivirus programs might be able to spot Reeezak using predictive software methods called heuristics. A far more certain method of preventing infection is updating a program's virus definition files -- both Network Associates and Computer Associates have added Reeezak to their products. Gullotto said if someone accidentally opens the virus, immediately shutting down the computer could prevent some damage, although system files would probably still need to be restored.

Gullotto said analysis of Reeezak's code and its after-effects indicates the author is likely the same person who created the "WTC.exe" virus shortly after the Sept. 11 attacks. Religious references appear in copies of the virus, which renames itself "Sharon," "Bush," "bin Laden," "Allah" and other terms related to conflicts in the Middle East and Afghanistan, he said, and anti-Semitic messages have also appeared once the virus finishes its work.

Related UPI Stories
Trending Stories