Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Retooled Navidad virus on the loose

Symantec's AntiVirus Research Center discovers a new, more potent variant to the "Navidad" virus.

Symantec's AntiVirus Research Center has discovered a new, more potent variant to the "Navidad" virus.

Early this month, the email virus infected computers in at least 10 Fortune 500 companies, causing more annoyance than destruction, computer experts said.

That original version had buggy code, disabling a relaunch feature that was intended to bombard victims with repeated attacks. That bad code has been fixed in a new version, making it potentially more damaging. In all other respects, the two variations are identical.

The virus infects Microsoft's Outlook email application, arriving as a reply when a person sends a message to an infected computer. If the attachment, "navidad.exe," is run, a message in Spanish reads: "Never press this button." If the button is pressed, a further message reads: "Feliz Navidad. Unfortunately you have given in to temptation and will lose your computer."

Patrick Martin, program manager for Symantec's AntiVirus Research Center (SARC), said the variant was discovered Tuesday. SARC is giving it a threat level of three--with five considered the highest security threat.

"It's out there; we're keeping our eyes on it, but there's no need to panic," Martin said. "It's definitely not anything like 'Love Letter.' It largely doesn't do anything damaging to your system, and it spreads itself a lot more slowly."

Martin said that the original Navidad worm would launch only once, inserting itself in a reply to all emails with attachments in the victim's in-box. In the new version, the worm relaunches every time the email program is activated.

Martin said the original version included a typo disabling the repeat launch feature. He said it looked like someone had fixed the problem.

"It's like you were a terrorist, and you designed a bomb, but you didn't plug in the fuse right," Martin said. "Somebody else came along and...fixed it so it would do its dirty work correctly."

Martin said that SARC suspects the Navidad virus may have started somewhere in Latin America.

"It caught attention because of the term Navidad," Martin said. "People thought it was a Christmas worm...Since a lot of text that shows up is in Spanish, we assume it probably came somewhere in Latin America."