:: SECURITY

Shockwave is still a high-risk virus
 Wednesday, December 06 2000
by Emmet Cole

 Send story to a friend
 Print this Story
The "shockwave" or Prolin computer virus, first discovered at the end of last week, still poses a high risk according to experts.

"Prolin hasn't caused as much damage as Melissa. But it's still a high-risk virus and it's still out there," Kevin Hanley, Priority Data, told ElectricNews.Net.

All the major anti-virus companies moved quickly to update their software to detect Prolin, but companies like Priority Data are still receiving calls from affected users.

Like the Melissa and Loveletter viruses, which wreaked havoc around the world earlier this year, Prolin, is an e-mail worm, which propagates itself by sending itself to everyone in the infected user's Outlook Express or MS Outlook address book. Mass e-mailing worms like Prolin have the potential to overload or crash e-mail servers.

Prolin, which is also known as "Shockwave" or "Creative", arrives as an e-mail message with 36,864 byte executable file attachment called "creative.exe". If the recipient opens up the attachment, the virus crashes the system and also sends a message to a Yahoo mail account whose owner is effectively untraceable, , reading "Got another idiot."

The recipient is misled by the e-mail subject line ("a great Shockwave flash movie") and the executable's use of a Shockwave icon.

The subject line of the e-mail reads, "A great Shockwave flash movie," and the body contains the following text: "Check out this new flash movie that I downloaded just now ... It's Great Bye."

The virus is triggered only if the user opens the attached "creative.exe" file. It will then move all ".zip" and ".jpg" files to the root directory and append the following text to the regular file extensions: "change at least now to LINUX."

The Prolin virus also appends a message, "c:messageforu.txt", which contains the following text: "Hi, guess you have got the message. I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. I could have done far better damage, I could have even completely wiped your harddisk. Remember this is a warning & get it sound and clear... - The Penguin."

You can download a virus up-date from the international virus protection experts Network Associates or from the Priority Data Web site.

http://www.nai.com/

http://www.prioritydata.ie/virusalerts/virusalerts.htm

:: MORE NEWS from SECURITY
© Copyright ElectricNews.Net Ltd 1999-2002.