A 'Naked' Computer Virus
A destructive computer virus hit at least 30 organizations and one federal agency Tuesday, security experts said.
Like the most recent widespread virus that used the name of tennis star Anna Kournikova, this new program called "Naked Wife" takes advantage of users "baser instincts," according to one antivirus company official.
Steve Trilling, director of research at the Symantec Antivirus Research Center, said at least 20 of Symantec's clients in Canada, the United States and Europe had been hit.
Trilling said the virus, which appears with the subject line "FW: Naked Wife," deletes almost all of a computer's vital system files. It also sends itself out to everyone in the user's e-mail address book.
"It essentially destroys your Windows operating system," he said.
Trilling said the virus may have come from Brazil, even though he said very few viruses originate in South America. Information inside the virus source code mentions AGF Brasil, an insurance company, and the name "MHSantos."
"One could fake this stuff, but indications in a virus for the most part tend to be correct," Trilling said, adding that names found in the recent "Love Letter" virus eventually led to that program's creator.
The virus e-mail contains an attachment called "NakedWife.exe." Like most viruses, the recipient's computer is only infected if the receiver runs the attachment.
Anti-virus companies offered cures for the virus on their Web sites by the afternoon.
Readers who click on "Naked Wife.exe", will not get a nude picture, but will instead see a short cartoon followed by a vulgar message, signed by "BGK (Bill Gates Killer)."
All the while, the virus is deleting key Windows and system files on the user's PC, rendering the computer unable to start up properly, according to Susan Orbuch, a spokeswoman for anti-virus software maker, Trend Micro Inc.
Orbach said her company has received reports of infections from 10 corporate clients, including two large telecommunications firms, a federal agency and a "multinational conglomerate," she said.
"This is not any new technology we haven't seen before," Orbach said. "It's social engineering to take advantage of our baser instincts."
Both Trilling and Orbach suggested that corporate network administrators block incoming program attachments, since it seems that computer users will continue to click on suspicious attachments, no matter how many times they're stung.
"Very few people have a legitimate reason to receive executable files in e-mail," Orbach said. "Haven't people learned?"
Users who receive the e-mail should not click on the attachment and should delete it immediately. The virus, written in the Visual Basic language, deletes files ending in .bmp, .com, .dll, .exe and .ini in the Windows and Windows Systems directories. It leaves files outside of those directories, including most application programs and data files, untouche.
Infected users will have to reinstall the Windows operating system in order to restart their computers.