COMPUTER ASSOCIATES SAYS NEW
"SPAMMER.A" WORM EVEN MORE DAMAGING THAN 'ILOVEYOU'
CA Sends Source Code to FBI To Assist In
Investigation
ISLANDIA, N.Y., May 19, 2000 — Computer
Associates International, Inc. (CA) is alerting all computer users of a new
worm known as Spammer.A that is more destructive -but unrelated to-the recent
ILoveYou worm, and has already infected thousands of computers by spreading
itself via email.
A polymorphic worm, Spammer.A — also known
as VBS.NewLove.A and VBS.Spammer.A — has an extremely destructive payload that
renames the files and sets their file size to zero. Because of its morphing
capabilities, Spammer.A is more sophisticated and destructive than recent
worms such as "ILoveYou."
CA's antivirus research laboratory has
developed a solution for polymorphic worms, enabling CA to make signature
files that eradicate the virus available to clients. Users can obtain the
latest information on these worms and protect their computers immediately by
downloading the latest signature file of CA's leading antivirus solution,
InoculateIT, from http://www.ca.com/virusinfo. CA is
offering free downloads of antivirus software for personal use at http://antivirus.ca.com/ and encourages
computer users to take advantage of this offering.
CA has also sent the source code of the worm
to the FBI and other agencies to assist in the investigation of its origins
and to search for the authors of this new worm.
"Last week, the world woke up to the
viciousness of love mail, " said Simon Perry, CA vice president, security
solutions. "Now we are dealing with hate mail that can literally destroy a
computer in 20 seconds."
Spammer.A arrives attached to a message with
the Subject line beginning with "FW:" and followed by a file-name with the
extension "name.Vbs", where 'name' could be Doc, Xls, Mdb, Bmp, Mp3, Txt, Jpg,
Gif, Mov, Url, Htm or Txt.
The filename is a randomly selected name
matching one of the files in the \Recent subdirectory (if this directory is
empty, the Subject line lists the extension only, for example "FW:
.Doc.Vbs").
The worm installs itself by copying its code
to Windows and System directories and modifying two registry
keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
As a polymorphic worm, Spammer.A modifies its code
when changing from generation to generation. Before infecting the system, the
worm inserts a random number of comment lines throughout the entire
programming code. These comment lines start with an apostrophe and contain up
to 300 randomly selected characters (capital letters from 'A' to 'Z').
Additionally, each line of the code could be indented by a random number of
spaces.
"There's a big difference between Spammer.A
and ILoveYou," said Perry. "The main disruption of the "IloveYou" worm is that
it clogged email traffic service. It's as if you build a highway, and put too
many cars on it, you'll get traffic jams. This new worm will make your
computer inoperable. You'll switch it off, turn it back on and nothing will
happen."
CA's InoculateIT is
the premier antivirus solution for networked environments offering unmatched
management and virus protection. InoculateIT is certified by the International
Computer Security Association (ICSA) to detect 100% of viruses "in the wild"
and ensures a network is protected against potentially damaging and costly
virus incidents.
InoculateIT is part of CA's eTrust solutions,
which are built on CA's Unicenter
TNG Framework, providing a powerful, comprehensive, and integrated
solution for building, deploying and securing eBusiness. eTrust enables
eBusiness by safeguarding all mission-critical resources, from the browser to
the mainframe.
Computer Associates International, Inc.
(NYSE: CA), the world's leading
business software company, delivers the end-to-end infrastructure to enable
eBusiness through innovative technology, services and education. CA has 20,000
employees worldwide and had revenue over $6 billion for the fiscal year ended
March 31, 2000. For more information, visit www.ca.com.
# # #
All trademarks, tradenames, service marks
and logos referenced herein belong to their respective companies.
Kundalini and Rei Ki for health, happiness, and sprituality
Dedicated to everycreature on earth and to my spiritual teachers.
Visit http://www2.cybercities.com/i/ieffendi
