
January 3, 2000

Worm Woes: "A [not so] great Shockwave flash movie"
by Barbara Fletcher


Even though the Shockwave virus has been around for a month, it keeps on spreading. And if you use Microsoft Outlook or Outlook Express, you're at risk of infection.

Whatever you do, resist temptation and do not open the attachment to an email entitled "great Shockwave flash movie".

The Shockwave virus (also known as W32.Prolin.Worm, TROJ_SHOCKWAVE.A, CREATIVE, and TROJ_PROLIN.A) usually arrives from someone you know -- because when a person opens the attachment, the worm uses Outlook to send itself to everyone in the address book.

According to Symantec, global expert on Internet security technology, the email message contains the subject "A great Shockwave flash movie" and the body of the email reads: "Check out this new flash movie that I downloaded just now ... It's Great /Bye".

The offending attachment, disguised as a Shockwave file, is "creative.exe".

Unsuspecting victims who choose to open this file will unleash the worm virus that first emails itself to everyone in their Outlook address book, and sends a confirmation email to a Yahoo! address ("z14xym432@yahoo.com") with the subject line "Job complete" and body text "Got yet another idiot".

The next level of nastiness is when the worm renames the victim's .mp3, .jpg, and .zip files by appending "change atleast now to LINUX" to the extension and then moves these files to the user's root directory.

Ridding Your Computer of the Shockwave Worm
Removal of the virus involves moderate effort and some expertise. Symantec advises victims to scan their hard drive for the virus, delete all identified W32.Prolin.Worm files, and restore the original extension of all affected .jpg, .mp3, or .zip files.
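The extension-restore step described above, as an added example that is not from this article or from any vendor's removal tool. It assumes the marker string is appended directly after the original extension and that the renamed files sit in a single directory; `plan_restores`, `restore` and `demo` are hypothetical names, and the sample files are constructed.

```python
import os
import tempfile

# String the worm appends to the extension, as quoted in the article.
MARKER = "change atleast now to LINUX"
AFFECTED_EXTS = (".mp3", ".jpg", ".zip")


def plan_restores(root_dir):
    """Return (current_path, restored_path) pairs for renamed files in root_dir."""
    plan = []
    for name in sorted(os.listdir(root_dir)):
        path = os.path.join(root_dir, name)
        if not os.path.isfile(path) or not name.lower().endswith(MARKER.lower()):
            continue
        original = name[: -len(MARKER)].rstrip()  # assumption: tolerate a separating space
        # Only touch names that end in one of the three affected extensions.
        if original.lower().endswith(AFFECTED_EXTS):
            plan.append((path, os.path.join(root_dir, original)))
    return plan


def restore(root_dir, dry_run=True):
    """Rename files back without overwriting anything. Returns (done, skipped)."""
    done, skipped = [], []
    for src, dst in plan_restores(root_dir):
        if os.path.exists(dst):
            skipped.append(src)  # name collision: leave for manual review
        else:
            if not dry_run:
                os.rename(src, dst)
            done.append(dst)
    return done, skipped


def demo():
    """Run against a constructed directory standing in for the root directory."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("song.mp3" + MARKER, "photo.JPG" + MARKER,
                     "backup.zip" + MARKER, "backup.zip", "notes.txt" + MARKER):
            open(os.path.join(root, name), "w").close()
        done, skipped = restore(root, dry_run=False)
        return (sorted(os.path.basename(p) for p in done),
                sorted(os.path.basename(p) for p in skipped),
                sorted(os.listdir(root)))

if __name__ == "__main__":
    print(demo())
```

`restore` defaults to a dry run, so the list of planned renames can be reviewed after the antivirus scan and before anything on disk changes.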

McAfee provides an online virus scan (with options for fixing or deleting virus files) and instructions for removing the worm from your computer.

Although Symantec has ranked the Shockwave virus as a Category 4 (Severe) for its speed of distribution, it is not as destructive as originally feared. This can be attributed to quick communication about the virus, and a Microsoft Outlook security patch released June 8, 2000.

The Shockwave virus ranked second and accounted for 16% of complaints at the Sophos Top Ten Viruses of December 2000. It was beaten out by the Apology virus but ranked above the notorious Kakworm and the highly-infectious LoveLetter virus.

Top ten viruses reported in December

Virus-monitoring company MessageLabs -- who on average detect and stop an e-mail virus every 3 minutes -- show that the W32.Prolin.Worm has now spread throughout North America, Australia, South Africa, and portions of Europe and Central America.

This virus was first detected on November 30, and seems to have originated in the U.K.

Protect Yourself
To keep your computer free of viruses, be sure to download or purchase some antivirus software such as McAfee VirusScan, Sophos Anti-Virus, or Norton AntiVirus -- and don't put off your regularly scheduled virus updates. And either keep close tabs on or join the mailing lists at virus alert sites such as Symantec, Virus.com, and Sophos. These sites also keep track of virus hoaxes that you can check out before sending out a mass panic-button mailing to friends and relatives.

And one last word of advice: always be wary of opening attachments -- even if (and sometimes especially if) they are sent from people you know.