A gremlin trying to spoil Christmas has released a Melissa-like virus capable of reformatting your hard drive.
The W97M.Prilissa.A. virus uses Microsoft Outlook to send infected documents via e-mail, much like the well-known Melissa virus. It also uses the system date to reformat hard drives on December 25, antivirus software experts say.
The virus has the potential to wipe out everything on a computer's hard drive, but most antivirus technology can detect and clean up the virus, says Susan Orbuch, a spokesperson for antivirus software vendor Trend Micro.
"It's Melissa packing a punch," she says. "But the good news is we are prepared for it." Trend Micro and other antivirus software companies, including Symantec's Norton line and McAfee from Network Associates, market rules-based or heuristic scanning devices that detect such behaviour, she adds.
The text of the virus message reads, "This document is very Important and you've GOT to read this!!!" When you open the attached document, the virus disables virus protection security settings, conversion confirmation, and your list of recently opened files, Orbuch says.
The W97M.Prilissa.A. virus shows the following text in the message box when you boot up: "Vine... Vide... Vice... Moslem Power Never End...You Dare Rise Against Me...The Human Era is Over, The CyberNET Era Has Come!!!"
The virus then displays several coloured shapes on top of the opened document, overwrites the autoexec.bat file to format the hard drive, and then displays another message when the system is rebooted: "Vine...Vide...Vice...Moslem Power Never End...Your Computer Have Just Been Terminated By -= CyberNET =- Virus!!"
Aimed at consumers
The Christmas Day trigger date and the messages' virulent language seem timed to gain maximum attention, says Vincent Weafer, director of Symantec's AntiVirus Research Center.
"This is somebody trying to get their virus known," Weafer says. "It looks like it's targeted against home users because companies will not be working Christmas Day.
"They must have known it's so similar to Melissa that most antivirus companies will be able to catch it, and if users are updating their virus patterns, they should be all right. It's like someone saying, 'Me Too,'" he adds.
Symantec and Trend Micro representatives say their customers have not yet reported coming across the virus.
In August, experts discovered another Windows virus set to activate December 25. Variously known as Win32.Kriz, Win32Kriz.3740 or Win32.Kriz.3862, the virus resembles the Chernobyl virus, which hit users in Europe and Asia earlier this year.
Win32.Kriz can damage files that are opened, copied, and moved. On Christmas Day, the virus is set to destroy computers' flash BIOS using the same routine as found in the Chernobyl virus, according to Central Command and the Kapersky Lab research unit. Victims will be unable to boot their computers properly or control the cursor.