A new software virus, Thursday, is rapidly spreading among
banks and financial institutions creating security problem for them. This Word macro virus
has already affected various banks and financial institutions in eight countries.
`Thursday' was first detected in London and Network Associates (of Mcafee fame) was among
the first to receive the scare. But last month, several anti-virus companies have reported
detection of the same virus.
This virus has a few other aliases: W97.Thursday and W97M.Automat.K.
A comment line "Thus_001" will appear at the top of the viral macrocode. The
virus will check the comment to determine if the desired exercise is in progress. This
task is performed only to avoid multiple damages. At this is stage the virus will acquire
the name.
Thursday affects Word 97 files. It is written in "macro" programming language,
which is used to automate processes in Microsoft applications.
The virus can turn off the Word 97 macro warning feature (tools-option-general) and affect
all documents opened subsequently. It will damage template files and attempt to delete all
files on a user's C drive on December 13.
According to Network Associates, Thursday has been detected in about 5,000 PCs. Network
Associates, Symantec, and TrendMicro claim that their anti-virus software can detect and
eliminate the virus.
The annoying feature of this virus is that it lies dormant and users will not be able to
trace its existence till December 13. The date is significant because it is close to 2000
deadline.
Avert, a research arm of the Network Associates that monitors security threats, has given
a high-risk rating to this virus because, it fears that the problem may spread rapidly
among banks and financial institutions.
Describing the damage as a `rare' possibility, Symantec (of Norton anti-virus fame) told domain-B that the damage control exercise on the virus was created
automatically by SARA (Symantec AntiVirus Research Automation) on 16 August 1999 by using
the auto-generated virus called W97M.Automat.K virus. This virus has now been renamed as
W97M.Thus.A virus.
As of 2 September 1999, Symantec received only one complaint from its customer pertaining
to this virus. It assumes that the virus may not spread quickly.
Symantec has provided users of Norton AntiVirus with an online definition update at:
http://www.symantec.com/avcenter/download.html
According to Computer Associates, this virus may not cause much damage, because it does
not have self-propagating feature. Small mercies for that. But all hands on the deck, if
you will.
See related article ""
|