Computer experts are warning of an e-mail virus aimed at erasing all hard drive data and set to go off at midnight New Year's Eve, APBNews.com says.
Called W32.Mypics.Worm, it was discovered last Thursday and is said to affect Microsoft Windows 95, Windows 95, and Windows NT systems. "Computer Associates has identified this worm as having been specifically designed to cause significant damage in the year 2000," said Simon Perry, the company's eTrust business manager, to APBNews. "As the year 2000 quickly approaches, we are starting to see an increased frequency of dangerous viruses."
This worm is said to spread by sending itself automatically to as many as fifty people in an Outloos e-mail address book, APB says. The subject line is empty, but the e-mail reads, "Here's some pictures for you!" - tricking a user into thinking the attachment pics4you.exe actually contains images. When it's opened, APBNews says, the program will simply seem to have quit working.
But the worm will set itself in memory and sent itself to as many as fifty, as well as adjusting the homepage setting of Internet Explorer to a personal GeoCities Web site which APB says experts think might then link to an adult site. And the Windows registry will be modified and changed to load the worm in memory each time the computer reboots, APBNews continues, keeping the worm in the computer.
The news service says the worm features two payloads imitating a Y2K problem - "First, the worm monitors the system clock and when it detects the year is 2000, the worm will modify the system BIOS. On the next reboot, the computer will display a message such as 'CMOS Checksum Invalid' and prevent the computer from booting," says APBNews, which adds the problem can be corrected, allegedly, by going into the BIOS setup - but when the settings are fixed, the worm shoots its second payload and formats the hard drive.
The worm is classified moderate-to-high risk and security experts are reportedly posting software on their Web sites to stop users from catching the code, APBNews says.
