A new quick-spreading computer virus that can reformat a victim's computer hard drive on Christmas has been detected, and already appears to have cropped up on three continents, antivirus researchers said.
What it does: If opened, the virus will reconfigure your hard drive on 12/25.
Means of transmission: Email. Takes advantage of hole in Microsoft Outlook to replicate.
How to recognize: The body of an email will read "This document is very important and you've GOT to read this!!"
Who is at risk: Any Windows 95, 98 users.
Dubbed "Prilissa," the malicious code is a combination of Melissa, an earlier virulent virus spread via email, and another program called PRI. It follows an increasingly common trend of using security holes in Microsoft's Outlook and Outlook Express to spread itself through email.
"Come Christmas day, you could turn on your computer to play a new game or whatever, and it reformats your hard drive," said Sal Viveros, group marketing manager for the antivirus division of Network Associates.
While potentially dangerous for users, the increased visibility of these viruses has been a boon for antivirus companies such as Network Associates and Trend Micro, which have seen sales of antivirus software skyrocket.
Researchers at Network Associates antivirus labs say they discovered Prilissa two days ago and deemed it a low risk, since it had not yet surfaced "in the wild," or on the Internet at large. But today at least 10 Fortune 500 companies scattered across Europe, the United States and Australia called in reports about the virus, the company said.
The code draws from both of its predecessors. Like Melissa, the virus comes as an attachment in an email. Once opened, the virus will email itself to the first 50 addresses in an infected computer's email contact list. From the PRI code, it inserts random colored squares into a user's documents.
But unlike its predecessors, which mostly only led to excessive email traffic, Prilissa carries a destructive kick. If opened, a user's hard drive could get re-configured.
The virus appears in mailboxes purporting to be a message from the last infected user. The body of an email will read "This document is very important and you've GOT to read this!!"
The document itself can be whatever Microsoft Word file the last victim was using when the virus sent itself out, raising the risk that confidential documents could accidentally be released to a huge number of people.
Although the virus can only replicate itself through Microsoft Outlook, the payload can infect any PC running Windows 95 or 98. Put another way, consumers who use Eudora Pro can get infected, but they can't spread the virus.
Unlike a dangerous new variant seen with the "Bubbleboy" virus, Prilissa requires a victim to click on the infected email attachment in order to launch itself and infect the users' computer.
Some existing antivirus protections against Melissa will stop Prilissa from spreading without being updated, Viveros said.