New viruses threaten PC users' Xmas cheer - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

New viruses threaten PC users' Xmas cheer

By James Pearce, ZDNet Australia
December 24, 2002
URL: http://www.zdnet.com.au/news/security/soa/New-viruses-threaten-PC-users-Xmas-cheer/0,130061744,120270853,00.htm

Virus protection company Panda Software has reported a new Opaserv virus which attempts to trick the victim into believing their computer has been shut down by the Business Software Alliance.

The worm, Opaserv.L, installs itself into the Windows directory under the name mqbkup.exe. If the date is December 24 or later Opaserv.L creates several more files and then restarts the machine, displaying the following message in an MS-DOS window:

"NOTICE:
Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium Copyright Act
Your unauthorized license has been revoked
For more information, please call us at:
NOPIRACY
If you are outside the USA, please look up the correct contact information on our website, at:
www.bsa.org
Business Software Alliance
Promoting a safe & legal online world"

Finally, Opaserv.L deletes the content of the computer's CMOS and hard disk. Panda has not had any reports of the virus in the wild, so users who update their antivirus programs should be protected.

MessageLabs have also detected a new variant of the Yaha worm that is active in the Middle East and Australia. Yaha.M contains its own e-mail program, and may launch a denial of service attack against infopak.gov.pk.

Yaha.M forges its envelope-from and header-from addresses, and uses a variety of subjects, attachment names and content to attempt to fool the user to run the program.