Babylonia virus no Y2K fix
08 December 1999
Symantec Corporation has announced the discovery of a new virus, W95.Babylonia, which disguises itself as a Y2K fix. The virus is clever enough to sneak into systems in pieces and update itself with fresh code. It comes in four pieces, of which the first -- called the stub by researchers -- arrives posing as a Y2K fix. Once the stub is opened, the other pieces are pulled into the victim's computer from a website.

W95.Babylonia downloads its components from the Internet: once executed, it waits for the machine to connect. Once connected, it downloads several files from an infamous but unknown virus-hosting web server based in Japan. This essentially means that the core of its trouble-making capability lies elsewhere and can be centrally controlled, updated and propagated.

In itself the virus does not do much damage compared with Melissa or other such viruses, but the fact that it is 'updatable' means that the damage level could be very high and is still unknown. The virus is apparently authored by a member of the '29A' virus writing group.

Its medium of propagation is mIRC, an application used for Internet relay chat (IRC).

When an infected user logs on to mIRC, the virus is automatically sent to everyone in the same chat room. It is sent as a Y2K bug fix and, when executed, the file infects other 32-bit '.exe' program files (mostly those that work directly on Windows 9x operating systems) and Windows help files.

The virus also modifies an infected system to display this message when booted:

W95/Babylonia by Vecna ©1999
Greetz to RoadKil and VirusBuster
Big thankz to sok4ever webmaster
Abracos pra galera brazuca!!! Eu boto fogo ba Babilonia !!

Without the user realising it, the virus also sends a mail to babylonia_counter@hotmail.com to help its author track infected computers. Complaints at Symantec's Antivirus Research Centre (SARC) indicate that it has been spreading fast. SARC has rated the risk factor of this virus as medium/high. Symantec has posted the virus definitions for this virus on its site; they can be downloaded manually or automatically through Norton Antivirus Live Update.

Each of the four parts of the virus mentioned earlier has a specific function: the first is the 'travelling infector'; the second modifies the system to display a message on boot-up; the third turns the virus into a worm that spreads over IRC, or Internet relay chat; and the fourth sends e-mail to babylonia_counter@hotmail.com.

This division of labour among the parts makes it 'smart' and deadly. The first part, being small, can be easily transmitted, while the others can be modified at the whim of the programmer -- even to bypass the anti-virus solutions put out.
