Dangerous Kriz Virus spread by other Worms

By Robert Vamosi
22 December 2000 10:13 AM

One of the most dangerous viruses is back in time for Christmas 2000, thanks in part to other worms that may have spread it throughout the year.

Although the Kriz virus was first discovered in late 1999, it is believed to have infected files that other, more recent worms such as Bymer have spread across the Internet throughout the year.

Therefore, several anti-virus software companies are now warning users to scan their PCs in advance of its December 25th trigger date.

Kriz (W32.Kriz) infects Windows 95, 98, NT and 2000 systems and carries a destructive payload similar to that of CIH: Kriz will destroy files on floppy disks, hard drives and network drives, as well as the computer's BIOS. At present, Kriz ranks a 6 on the ZDNet virus metre.

How It Works
The Kriz virus arrives as an infected file, which may be a file copied from another computer on a network or from a floppy or sent as an attachment to an e-mail.

Kriz carries an infected copy of KERNEL32.DLL, which lives in the Windows/System folder.

Kriz creates its own folder, Windows/System/Krized.tt6, and adds a line to Wininit.ini telling Windows to look there for the infected copy of KERNEL32.DLL.
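A defender can audit wininit.ini for a pending replacement of KERNEL32.DLL before the next reboot. The sketch below is an added example, not part of the original article or any vendor's tool; it assumes the standard Windows 9x `[rename]` layout of `destination=source`, and the sample lines are constructed because the article does not quote the exact line Kriz writes.

```python
# Added example: audit a Windows 9x wininit.ini for a pending KERNEL32.DLL swap.
import ntpath

# Indicators taken from the article text.
WATCHED_TARGET = "kernel32.dll"
KRIZ_NAME = "krized.tt6"

def pending_renames(text):
    """Yield (destination, source) pairs from the [rename] section.

    wininit.ini may repeat keys (for example several NUL= lines), so the
    section is parsed by hand rather than with configparser.
    """
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if in_rename and "=" in line:
            dest, src = line.split("=", 1)
            yield dest.strip(), src.strip()

def suspicious_entries(text):
    """Return entries that replace KERNEL32.DLL or reference Krized.tt6."""
    hits = []
    for dest, src in pending_renames(text):
        replaces_kernel = ntpath.basename(dest).lower() == WATCHED_TARGET
        mentions_kriz = KRIZ_NAME in dest.lower() or KRIZ_NAME in src.lower()
        if replaces_kernel or mentions_kriz:
            hits.append((dest, src))
    return hits

# Constructed sample input; the exact line Kriz writes is an assumption.
SAMPLE = r"""
[rename]
NUL=C:\WINDOWS\TEMP\SETUP1.TMP
C:\WINDOWS\SYSTEM\KERNEL32.DLL=C:\WINDOWS\SYSTEM\KRIZED.TT6
C:\WINDOWS\SYSTEM\MSVCRT.DLL=C:\WINDOWS\TEMP\MSVCRT.NEW
"""

if __name__ == "__main__":
    for dest, src in suspicious_entries(SAMPLE):
        print(f"pending replacement: {dest} <- {src}")
```

A legitimate installer can also queue a KERNEL32.DLL update this way, so a hit is a reason to scan the source file, not proof of infection.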

The Kriz-infected copy of KERNEL32.DLL gives the virus access to the following functions:

-CopyFileA
-CopyFileW
-CreateFileA
-CreateFileW
-CreateProcessA
-CreateProcessW
-DeleteFileA
-DeleteFileW
-GetFileAttributesA
-GetFileAttributesW
-MoveFileA
-MoveFileW
-MoveFileExA
-MoveFileExW
-SetFileAttributesA
-SetFileAttributesW

When Kriz is resident in memory, these functions allow any recently run executable file to become infected with Kriz.

If an infected executable file is run on December 25th, Kriz will erase the computer's CMOS, which contains information such as date and time, and what type of hard disk the computer uses.

It will also erase the contents of any floppy disks, hard drives, and networked drives.

It will also attempt to flash the computer's BIOS with garbage.

This only works on some BIOSes. If it is successful, however, the computer will no longer boot and its motherboard will have to be replaced.

Removal
Kriz has been around long enough that all the anti-virus software companies have detection and removal software available.

For example, Symantec offers an online tool for users of Internet Explorer or Netscape.
