Watch CBS News
X-SciTech

Pro-Linux Virus Under Control

By CBSNews.com staff CBSNews.com staff

/ CBS

Add CBS News on Google

A new e-mail distributed computer virus that calls its computer victims "idiots" and promotes Windows users to switch to the Linux operating system appears to be under control after attacking hundreds of computers since the beginning of December.

The worm-like virus, which began wriggling its way into personal computers on Thursday, is delivered with the tempting e-mail subject message "A great Shockwave flash movie." The body of the e-mail contains the missive "Check out this new flash movie that I downloaded just now...It's Great Bye" and the enticing attachment.

"This one looks to be more like a prank than anything else," Patrick Martin, program manager at Symantec AntiVirus Research Center, told CBSNews.com Tuesday. "But its very much like 'Love Letter' because it spread itself out and tries to make you notice it."

Developed and initially distributed by what appears to be a pro-Linux user, the virus spreads the same way the computer crippling "ILOVEYOU" bug did in early May, by taking a user's e-mail system hostage and sending its dangerous nature out to thousands of machines worldwide.

Whereas the "Love Bug" severely paralyzed thousands of computer hard drives and by some estimates caused millions of dollars in economic damage, the new virus does not seriously corrupt computers once the recipient opens the attached "creative.exe" file. But once launched, the virus - known as "ProLin," or pro-Linux - begins to rename all files on the user's hard drive with .jpg, .zip and .mp3 extensions and places them on the root C drive directory.

All of the renamed files are updated with the teaser extension "change at least now to LINUX." Causing more headaches then actual hardware or software damage, the Trojan horse-like virus then digs into the e-mail software Microsoft Outlook to initiate a mass-mailer, sending itself to everyone stored in the user's personal address book.

"These virus writers want to worm their way in any way they can," said Martin, who pointed out that e-mail is the easiest way to spread computer viruses for free. "They want to find any hole they can. They want to entice the user any way they can to click on an attachment and launch it."

Servers at several companies, including CBS, were clogged by the thousands of e-mails flooding networks as the bug worked its way across mostly Europe and the United States.

"ProLin" first hit electronic mail boxes Thursday afternoon, with several reports tracing initial discoveries of the bug to users in France and Germany. MacAfee, an anti-virus software developer, received early reports from users and by Monday morning dozens of companies had informed MacAfee that they were hit by the bug.

On its Web site, MacAfee raised its risk rating on the virus to "high," where it remained Tuesday morning. Symantec's Antivirus Research Center Web site gave the bug a "medium" threat assessment, but did say that its aility to propagate was "high."

Martin said SARC had received at least 100 submissions of the "ProLin" bug since Thursday, but he didn't expect the virus to spread more than it had. He said people and companies had learned from the "Love Bug" swarm and were better informed about how to protect computers from e-mail distributed viruses.

"I have a feeling it will taper off because it's not doing a lot of damage, it's not taking the systems down and it's easy to catch," Martin said of the "ProLin" virus.

Fortunately, the bug also politely deposits a text document for the unfortunate sufferer, explaining how to repair the damage on the user's computer.

"Hi, guess you have got the message," the "messageforu.txt" file reads. "I have kept a list of files that I have infected under this. If you are smart enough just reverse back the process. I could have done far better damage, I could have even completely wiped your hard disk. Remember this is a warning & get it sound and clear."

The document is signed by "The Penguin" - the Linux mascot is a cartoon of the flightless aquatic bird - and is followed by a list of the digital music, digital picture and compressed files that were renamed on the user's hard drive.

Competing with Microsoft Windows, Linux is a free operating system software with a quickly growing number of hardcore supporters.

As a final insult to the unfortunate victim, the bug sends a message to a Yahoo! e-mail account and back to the possible author stating " Job complete" and "Got yet another idiot."

The worm virus has several aliases, including Prolin Shockwave, W32/Prolin@MM, TROJ_SHOCKWAVE.A, I-Worm.Creative, Prolin-Shockwave and TROJ_PROLIN.A.

© 2000, CBS Worldwide Inc., All Rights Reserved

© 2000 CBS. All rights reserved.

View CBS News In
CBS News App Open
Chrome Safari Continue