Christmas virus springs back into action

In a week of re-releases of malicious tools, such as the Visual Basic Script Worm Generator and backdoor tool SubSeven, the hardware-destroying W32.Kriz virus has also made a comeback.

The worm originally surfaced over the Christmas of 1999, carrying a payload capable of damaging a computer to the degree that it would need hardware repairs to be functional again. Now the code has been modified and the virus has returned as W32.Magistr.24876.

Antivirus companies have already detected outbreaks of the worm across Europe and are billing it as a moderate threat. The virus is dangerous, not just because it is capable of completely overwriting a hard drive, but because it can also erase the CMOS as well as destructively flashing the BIOS, leaving the affected computer in need of a BIOS chip replacement.

Magistr affects all variants of Windows and replicates by infecting a random Word file on the user's hard drive. It then attaches that file, and five other Word or text files, to an email which it sends to all addresses in the Windows address book.

It carries its own SMTP handler so it's not just limited to mailing itself through Outlook: it can also affect Netscape Messenger or Internet Mail and News.

Eric Chien, head of Symantec's research centre, said that although the virus is "extremely destructive", it is also "extremely clever. It is a polymorphicvirus which can infect through email and over the network. If you are infected with this virus, your computer is toast," he warned.

On the up side, Chien said that because the virus does not attempt any social engineering to persuade the user to run it, unlike the Naked Wife and Kournikova viruses, it would not spread quickly.

"Also, any virus which attacks the hard drive and BIOS will not spread as fast. If your computer isn't working, then it's not sending the virus out."

But Chien said that standard rules apply here: if you get a strange email with attachments, just delete it.