Just days after one Y2K virus was reported hitting the cyberground running, there's a new breed spreading through online chat rooms which can let its creator control infected computers by remote.
It's called W95.Babylonia, comes in the guise of a Y2K fix, and seems to have found its launching pad by way of Internet Relay Chat (IRC) chat rooms, says the Associated Press. But what has computer security experts frazzled is that it has the ability to update itself, with potentially malicious instructions from Japan, the AP says. It's said to affect home computers mostly, spreading through Microsoft software used for chat rooms.
"The virus writer can write code to do anything he wants to," says Network Associates antivirus director Vince Gulotto to the AP. "There's nothing else even close to it."
Other experts tell Wired the virus is dangerous because its creator/author can alter the damage or data-theft on a daily basis. In other words, he can reconfigure your computer drives or steal your files all but at will.
"It is particularly dangerous due to the virus writer's ability to change the virus' payload remotely and after infection," says Simon Perry, business manager for CA Security Solutions, in a statement obtained by Wired. "This virus represents a new level of virus capability."
Antivirus software makers Symantec (www.symantec.com) say the virus was written by a group calling itself the 29A virus writing group.
And security experts are warning against accepting any unsolicited files in chat rooms, urging users to update their antivirus software and even turn off their download features, the AP says.
W95.Babylonia makes home users more prone to infection because it uses chat rooms to spread. An infected user logging onto IRC chat triggers the virus being sent as a Y2K bug to fix anyone else in the room - and it fixes them, all right: if the user accepts it, the virus installs itself and later obtains several files from a Japanese Web site, files which then carry instructions affecting the user's computer.
Wired says that, according to the Computer Associates Web site (www.cai.com), the virus starts polling a Japanese Web site every minute, hunting for updates by the author to extend the virus's power and capability. It can download the updates to infected computers, then reformat a hard drive, delete files, or collect "sensitive" information - as in, information you don't want anyone other than yourself viewing.
The IRC chat operation is a loosely-organized system of worldwide computer chat which has dealt with more than its share of virus problems since it was created in 1995.
Two years ago, a Malaysian-based virus known as script.ini, which could reconfigure users' hard drives, spread like wildfire across the IRC system. That problem and several others, which involved hacking and other problems, led to at least one Malaysian-based Internet domain being banned from the IRC system.
More recently, a Warez chat room on IRC was closed down and some of its members arrested for software piracy.
