IT@TT - Online

A Krazy Krizmaz

This was no party weekend with 1999s Kriz virus making a comeback. Random cases of Krizmaz infections have been reported within India too. So watch out. This time around, Kriz will try and trash your PC on December 25. And now also takes advantage of other viruses to spread itself. Kriz is a variant of CIH, the original Win killer. Luckily for us users, this time around most anti-virus developers are on the ball and have released Kriz fighters. So don't wait. Update your antivirus before its too late.

Kriz damages the Windows kernel; an act that effectively reduces an expensive workhorse to a corpse. The virus also infects applications on your local hard drives and any mapped, networked ones. It even can infect files on a shared PC, causing the remote PC to suffer a Kriz attack. Kriz is the Ebola equivalent for PC. And first infects, and then physically deletes infected files and folders. It also attacks your computers BIOS. And can in an extreme case attempt to physically destroy the hard drive.

This new Kriz variant is really dangerous because it infects other worms and viruses. And subverts them from their unholy missions to do its own bidding. The most recently known (there may be others too) strains to suffer a Krizmas attack are Happy99.worm (W32.Ska) and W32.hllw.bymer.worm. Its possible that some variants of Melissa too have been infected by Kriz.

The precautions are the same as ever. Make sure to keep your virus scanner updated. Never click on an email attachment regardless of the sender or the filename. Request your correspondents to send you plain text (ASCII) email. And if you want to have an extra layer of cyber-neoprene rubber, visit your favorite vendor's site and download a Kriz buster.

Someone I met recently was hit by the Ad Clicker virus. This is a supposed nuisance value worm that hits once and vanishes. Seems that's not true, it's remarkably persistent. And drops an MSDTP.EXE file. This is not an original Windows file. When online and infected, your PC develops a mind of its own.

If this was not enough to make you knock back several stiff ones, there's more. A recently discovered TCP/IP flaw affects all variants of Windows except Windows 2K and causes the PC to hang. The problem is caused by improper implementation of the NetBIOS over TCP/IP (NBT) protocol in Windows NT 4, Windows 95/98/98SE and Windows ME. NetBIOS is a Windows standard for computer networking services. An attacker can continually transmit malformed network packets causing the targeted computer to freeze file and print sharing services. The only solution is to reboot. And if you have a cable or leased line (always-on) connection, you are at risk.

Win NT 4 users should download the "Incomplete TCP/IP Packet" fix from http://www.microsoft.com/ntserver/nts/downloads/critical/q275567/download.asp. For other Windows platforms, there is a work around by disabling file and print sharing in the dial-up adapter. Click Start|Settings|Control Panel and double-click the Network icon. Now click TCP/IP -->Dial-up Adapter and click Properties. Then click the Bindings tab and clear the File and Print Sharing check box. Then keep clicking the OK buttons until the dialog box closes. Finally, restart your PC.

Govind Menon
[email protected]

Top

Other Articles