Oops, You did it again
Yeah, baby hit me one more time. Teen singing sensation Britney Spears too has now been virally immortalized. After Anna Kournikova's turn last week, it's now Britney’s time on the top of the virus writer's hit parade. And if tormenting you on TV wasn't enough, her cyber avatar targets PC users as a data destroyer.
Last week you learnt about the Anna Kournikova virus. This like its human namesake, arrived with great fanfare, attracted lots of attention, then did nothing. And like Anna baby, this week too the worn remains on the loose as an irritant. Its creator has since surrendered to the authorities. And even the hacker whose toolbox was used to crease this worm has voluntarily removed the product from the Web.
But in a very demented salute to bubble gum pop, Britney Spears has been immortalize with a virus all her own. Officially known as W32/Avupd.ow.b@M (I-Worm.Totilix.b, PE_ILUVBRITNEY, W32.HLLO.Britney, W32/Britney.ow, W32/Zmk.55808.Worm, Win32.HLLW.Britney.55808, WIN32.ILOVEBRITNEY), this MAPI worm is also a data destroyer. Officially it’s "in the wild" but all the same do watch out.
Not much is known about how the virus arrives. But you know your system is infected if the Internet Explorer start page changes to www.britney-spears.to/site.html. The worm also renames the Windows screen saver, SSSTARS.SCR to BRITNEY.SCR. And displays "ILoveBritney Freeware" button. When clicked, this reads "Please select email address to send at your friend. This program opens automatically your address book." Another giveaway is that all Windows dialog box titles change to Win32.ILoveBritney par ZeMacroKiller98.
Under test, the virus overwrites .EXE files with its own code. It is also known to create Registry entries. In Win9x, these are HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ RunServices\ILoveBritney = [location of Britney.exe]. At WinNT, the key is "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RunServices\ILoveBritney = [location of Britney.exe]".
If you reboot or restart your PC post-infection, besides the changed dialog box titles, you also get a message, "If you don't think that, you think it now, Ha Ha Ha Ha !!!" The code also contains a reference to February 12, Britney's birthday. On this day perhaps in sympathetic celebration, you can't do any work. Try to run any .EXE and the computer freezes up. The virus also attempts to delete AUTOEXEC.BAT, CONFIG.SYS, IO.SYS and MSDOS.SYS.
My advice for this infector remains as always; diligently check your antivirus software vendor's site for updates and download a copy and install it immediately without waiting for the auto-update feature to work. Because it maybe too late for your data when it does. Finally, avoid opening any messages that promise you sex, fun or money or come from someone who doesn't usually send you attachments.
Govind
Menon
[email protected]
Other Articles
CareerCorner | ChiefChat
| FirstFolio |
Mailbox
| ProductGuide
| ProductPreview
SiteScan
| Techtalk
| VirusWatch
| Webware