Computer Associates warns of new millennium viruses

The company identifies a rash of new viruses that could wreak havoc on PCs, including one that permanently erases files on hard drives.

Michael Kanellos Staff Writer, CNET News.com

Michael Kanellos is editor at large at CNET News.com, where he covers hardware, research and development, start-ups and the tech industry overseas.

See full bio

Michael Kanellos

Jan. 2, 2002 4:43 p.m. PT

3 min read

While the world is watching, and waiting, for any effects of the original millennium bug, Computer Associates has identified a rash of new viruses that could wreak havoc on PCs, including one that permanently erases files on hard drives.

The viruses are the latest in a series of year-end bugs that are timed to go off when the clock strikes midnight or are associated with the turn of the century. Along with traditional computer bugs, experts have noticed a resurgence in software that can be used for "denial of service" attacks, which prompt hundreds of computers to send messages to a given site or server and knock it out.

Of the recently discovered viruses, the Zelu.Trojan appears to be one of the more virulent. The virus comes as an executable attachment in an email disguised as a Y2K fix. The executable is named "Y2K.EXE."

If it is clicked, a computer's screen changes. At the bottom of the screen are the words "Y2K Copyright ? 1999-2002 ChipTec."

Rather than inoculate against the Y2K bug, it overwrites all files on the PC with the following message: "This file is sick. It was contaminated by the radiation liberated?by the explosion of the atomic bomb."

Because the files are overwritten, they are lost forever, CA cautioned. "This is another example of a potentially disruptive virus masquerading as a Y2K fix," Simon Perry, security business manager at CA, said in a statement.

Another virus similar to the Zelu.Trojan virus, called Trojan.Kill, has begun to circulate on pirated copies of Windows 98; that virus performs a similar function, according to Reuters.

Another virus, which goes by the name Esmeralda.807, also affects Windows users and is delivered through email. The virus slows commands to open files. The delays are for random lengths of time and can lead users to believe that their computer has frozen. The text "Esmeralda para Esmeralda Vera Vera Bucamaranga, Colombia 1999" appears in the code of the virus.

By contrast, the Spaces.1633 virus affects start-up procedures. Both the Esmeralda and Spaces viruses affect the Virtual Device Driver in Windows systems.

The Lucky 2000, virus, meanwhile, overwrites Visual Basic scripts on computers running Windows 98, Windows 95 or Windows NT. If a computer gets infected, the virus will rewrite infected files. The infected file will subsequently contain a URL that connects to a Web site in Russia.

Still, despite the appearance of these viruses, the Carnegie Mellon Software Engineering Institute, which monitors security issues, says the risk of infection for most people is low. People would have to be clicking on suspicious files at specific times with some viruses to set them off.

"Because viruses have to be executed to operate, and because most people will not be at their keyboards as the date rolls over, the likelihood of a significant virus event is low," the organization wrote on its Web site. "As people return to work next week, the virus risk may increase somewhat for all types of viruses, but there is no reason to expect a major outbreak."

The institute has reported an increase in servers that can be deployed in a denial-of-service attack. Actual attacks, however, have not increased as yet.

More on the new viruses can be found at Computer Associates' virus alert page.

Reuters contributed to this report.