年末のお休みにセキュリティが叫ばれていましたが、やっぱり奇妙なウィルスが出回ったようですね。以下は zdnet.com に出ていたものですが、こんな手の込んだ愉快犯というのも、なかなか・・・要するに、e-greetingの形で届いて、クイズに回答したら、ウィルス除去のサイトに誘導する、というもの。対象はWindows 95, 98 and ME。ベルギーあたりからのものらしい。しかし、こうなると国際便でカードを送付するより気軽に e-greeting と考える私のような人間にとっては、眉をひそめてしまいますね。さてと、このインプットが終わったらおやつでもしながら Windows Update でもするかいな。
時間のある方はぜひ原文をお楽しみ下さいませ。
More troublesome is the PE_QUIS.A worm, according to antivirus company Trend Micro; it is also called W32.HLLP.Belzy@mm by Symantec and has been detected in the past few days by several other companies. Quis spreads itself via Outlook as an e-mail containing a destructive payload. The worm affects Windows 95, 98 and ME.
The worm infects all .exe files in the My Documents and C:\progra1\mirc folders. Among its less disruptive effects, it overwrites ring-tone files (using the extension .rtx) with the tune "Jingle Bells" and subjects the user to a quiz.
The worm arrives in an e-mail with the subject line, "Merry Christmas!" The body reads: "You've probably received enough e-cards. Here's a nice Christmas screensaver instead :)," and the message carries an attachment called xmas.scr.
Removal involves identifying infected files with an antivirus program, deleting them and then undertaking the tricky process of removing autostart entries from the registry. Detailed instructions can be found on Trend Micro's Web site. Updated virus definitions can be obtained from Trend Micro, Symantec and others.
When an infected system is restarted, Windows automatically runs an application called "startup.exe", which begins by informing the user that the PC is infected. The pop-up message reads, in part: "Your computer is infected with Win32.HLLP.Quizy. However, if you complete the quiz, you may be able to disinfect it."
The quiz contains such seasonal questions such as "Which animal would Santa have if he actually existed?" (reindeer) and "Which season do I hate the most?" (winter). The virus writer's nationality is signposted in some questions, such as, "In which country do I live?" (Belgium) and "Which keyboard layout is used in Belgium?" (azerty).
Other questions are technical, such as "Which chipset does a U.S. Robotics 22Mbps Wireless PC Card have?" (acx100), or whimsical, such as "What does antivirus person Graham Cluley have between his toes?" (cheese).
Upon completion of the quiz, the program executes the infection code again, and directs the user to a Web site which promises information on how to remove the worm.