DonkBoy Internet
Home of the famous
Information Archives.
"For the curious"
Best viewed @ 1024 x 768
For your security, Turn off cookies.
New Pretty Park virus in the wild
------------------------------------------------------------
Bob Sullivan, MSNBC
A new variant of last year's "Pretty Park" virus is making the
rounds, according to antivirus firm Network Associates.
The Trojan horse, which arrives as an e-mail attachment named
"prettypark.exe," does not delete or alter files, but it sends a
copy of itself to everyone in the victimĘs e-mail address book
every 30 minutes, which can bog down an entire network.
It is spreading quickly, according to Network Associates, and has
infected computers on a dozen corporate and government networks.
Pretty Park first appeared last year. This new outbreak --
officially labeled "W32/Pretty.worm.unp" -- is simply that virus
delivered in uncompressed form, according to Kelly Shall,
spokeswoman for Network Associates.
It was discovered in mid-February but wasn't considered a serious
risk at that time, Shall said. In recent days, though, infection
rates have been surprisingly high.
"It's spreading pretty fast," she said.
The virus can infect users of any of the Windows platforms.
Virulent e-mail messages arrive with the subject line
"C:CoolProgsPretty Park.exe." Attached is a program with an icon of
Kyle, one of the "South Park" TV series characters. Because the
file appears to come from a colleague or friend, victims are being
tricked into opening the file.
Victims simply see an image of Kyle, but in the background the
program begins spamming everyone in their address book with the
attachment.
Harder to detect
Antivirus programs will detect the virus. Internet users are still
cautioned to use care when opening e-mail attachments. For a quick
list of instructions on how to prevent viruses.
Martin Skov, product marketing manager for McAfee Associates, said
the new version of Pretty Park initially slipped under the radar of
antivirus products precisely because it was uncompressed. Antivirus
programs don't search entire files for harmful computer code --
they search specific regions of code where virus payloads are known
to lurk. In this new, uncompressed version, the bad code was in a
different place, making it harder to detect.
That scanning technique is used as a timesaver by McAfee, Skov
said. Without it, virus scans would take up to 20 times longer.
"You're talking about huge savings in scanning time by going to the
known location of the file," he said. "The idea here is, again,
it's a trade-off. You have to maximize security while minimizing
the impact and inconvenience."
------------------------------------------------------------