Central Command Discovers a New Internet Worm I-Worm.XTC that Targets New Year's Day; New I-Worm.XTC Masquerades Itself as a Virus Protection Update.

Business Editors and High Tech Writers

MEDINA, Ohio--(BUSINESS WIRE)--Dec. 5, 2000

Central Command, a leading provider of PC anti-virus software anti-virus software n → Antivirensoftware f and computer security services, and its partners' announced today the discovery of I-Worm.XTC XTC See Ecstasy, MDMA. , a new Internet worm that infects Windows 95/98/Me/NT/2000 computers and masquerades itself as a virus protection update. This new worm uses a new technique for replication, and can be remotely controlled through the Internet.

Unlike many common Internet worms today, the I-Worm.XTC worm does not use the infected computers email address book, as like other Internet worms, in order to replicate and send out infected e-mail message attachments. Instead, I-Worm.XTC utilizes the Temporary Internet Files In a user's computer, a collection of the most recent Web pages and files downloaded from the Web. The files are stored in a folder that acts as a cache so that subsequent requests are retrieved from the local hard disk. folder to search though HTML HTML
in full HyperText Markup Language

Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. and HTM files for e-mail addresses. Many of today's current antivirus protection applications only protect and warn of suspicious activity when the infected computers address book is accessed. Since this new Internet worm is using the new technique of searching-cached pages for e-mail addresses, many antivirus warning systems will not detect its presence until specific detection signatures are added for it.

"I-Worm.XTC demonstrates a new means for an Internet worm to travel," said Bogdan Dumitru, Virus Researcher for AVX AVX Adult Video XXX
AVX Avid Visual Extensions
AVX anti Virus Expert antivirus software. "Additionally, I-Worm.XTC can connect to a password protected Internet Relay Chat See IRC.

(chat, messaging) Internet Relay Chat - (IRC) /I-R-C/, occasionally /*rk/ A client-server chat system of large (often worldwide) networks. IRC is structured as networks of Internet servers, each accepting connections from client programs, one per user. (IRC (Internet Relay Chat) Computer conferencing on the Internet. There are hundreds of IRC channels on numerous subjects that are hosted on IRC servers around the world. After joining a channel, your messages are broadcast to everyone listening to that channel. ) channel. Within the IRC channel, the worm can be silently updated and controlled by the channel operator allowing remote control of the infected computer much to the surprise to the user," concluded Dumitru.

The worm attempts to hide itself behind a standard AVX Professional antivirus icon, a method to trick the unsuspecting user to open the attachment. When the worm is started on January 1st, it will set the users default web page to http://www.therainforestsite.com.

The email message that is sent by the worm contains the following subject and message:


Subject: "AVX update notification"

Message: "Hi, We would like to notify you about the newest software
designed by SOFTWIN company. This program constantly monitors the net
for the newest viral treats and anti-virus databases. In the case some
new virus is in-the-wild, it will immediatelly ask you to download the
newest version of AntiVirus eXpert 2000 (AVX). It"s small, it"s
efficent, it's secure and powerful. No special licence is needed, it"s
freeware. We hope you enjoy AntiVirus eXpert and share it with your
friends.

Best regards
AVX developement team."

AVX Professional with integrated AVX for Office 2000 has been updated to detect and remove I-Worm.XTC. A free 30-day trial version may be downloaded from www.avx.com or obtained by contacting Central Command toll-free at 866-2-GET-AVX (866-243-8289).

About Central Command:

A leader in the anti-virus industry, Central Command, Inc., a privately held company privately held company

A firm whose shares are held within a relatively small circle of owners and are not traded publicly. , was founded in 1990 and serves home PC users and industrial, government, financial, education and service firms with virus protection software, services, and information. The company services customers in over 40 countries and is headquartered in Medina, Ohio.

Central Command, EVRT EVRT Electronic Variable Response Turbocharging , Emergency Virus Response Team are trademarks of Central Command Inc. AVX and AntiVirus eXpert are trademarks of Softwin SRL 1. SRL - Bharat Jayaraman.

["Towards a Broader Basis for Logic Programming", B. Jayaraman, TR CS Dept, SUNY Buffalo, 1990].
2. SRL - Schema Representation language.
3. SRL - Structured Robot Language.

C. Blume & W. Jacob, U Karlsruhe. , Romania. All other trademarks, trade names, and products referenced herein are property of their respective owners.

COPYRIGHT 2000 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Publication:	Business Wire
Date:	Dec 5, 2000
Words:	533
Previous Article:	9278 Communications Denies Blackstone Allegations.
Next Article:	Ruther Appointed to National Accounting Association Committee.
Topics:	Computer network equipment industry Network hardware industry Network security software

Related Articles
Security Supplement.
Bugged by viruses?
Nimda - how it works. (VIRUS NOTES).
Five mods of Nimda detected. (Virus Notes).
Hybris: The story continues. (Security Supplement).
What's special about 'Davinia'? (Security Supplement).
The Palyh worm appears as a communique from Microsoft. (Virus Notes).
Internet virus alert: Central Command warns all email users of a fast spreading Internet worm named Worm/MiMail.A.
Bilingual bogus Microsoft virus.
'Paris Hilton' emails may be infected by virus.