HOME >> IT Security >> Computer Virus Incident Reports (abstract)

Computer Virus Incident Reports (abstract)

October 6, 2000

ISEC
Information-technology Promotion Agency

1. Computer Virus Incident Reports for September, 2000

This is a summary of Computer Virus Incident Reports for September 2000, compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka).

  • Total number of incident reports: 676 (556 in August: 5,222 from January to September 2000.)

    [232 in September 1999, 3,645 in the year 1999 (monthly average of 304), 2,783 from January to September 1999.]
    [Cumulative number of reports from April 1990 to September 2000 is 17,064]

  • Circumstances:

    Only about 10% (91 reports) out of 676 total reports this month showed the actual infection. Email was the most common source of virus with approximately 91% of total reports. Email from overseas counted more than 50%.

    45 kinds of virus were reported in September. 3 kinds of new viruses were reported to IPA in September: W97M/Bablas, W32/MTX, and W32/QAZ.

2. Release notes for September

(1) Be careful about new virus "W32/MTX"

There are many reports and inquiries about this new virus. W32/MTX infects Win32 executable files. Like W32/Ska (Happy99), it propagates by sending out a copy of itself to whoever the infected user sends an email to. The name of the infected attachment files vary depending on the date, and the file has either one of ".PIF", ".EXE", or "SCR" extension. You should especially be careful with ".PIF" file because Windows system doesn't show .pif extension and the file may look like ordinary text files or other files.

There is a high possibility of many system files getting infected once the virus is run. If you are infected you should format the disk and reinstall the system to make sure the system is completely free from virus. Therefore you need to take enough caution not to open the attachments without checking. To avoid infection, you should follow the very basic anti-virus policy: do not open attachment files carelessly.

(2) Make sure you update your anti-virus program

Virus emergency center receives many inquiry calls from users who haven't updated their anti-virus programs. To be able to scan new viruses that are found every month, you should update virus pattern file of your anti-virus program at least once or every other week. You should also add ".pif" and other extensions to the scanning list.

For information on updates and how to configure the file scanning list, please visit the following or anti-virus vendors' sites:

(3) Invitation to IPA Information Security Seminar

IPA and Bureaus of International Trade and Industry of MITI will co-host the "Information Security Seminar" from October 23 to December 8 at 14 locations across Japan (15 seminars in total). This year, 2 separate courses for "end users" and "System Administrators" are provided for free of charge.

Details about place, date, and registration are available at the following URL:

For questions, please contact:
Office of Computer Virus Countermeasures (OCVC)
Information-technology Promotion Agency
TEL: (03) 5978-7508 FAX: (03) 5978-7518 E-mail: Please feel free to call at +81-3-5978-7517.

Computer Virus Incident Reporting Program

The Ministry of International Trade and Industry announced "Computer Virus Prevention Guidelines" to prevent the spread of computer viruses in Japan. IPA was designated to receive the "Computer Virus Damage Report" directly from the infected users to investigate virus problem and to provide monthly statistics. This reporting system started in April 1990. Anyone who has encountered computer virus is supposed to send a virus report with necessary information to IPA to prevent further spread and damage of viruses.

IPA deals with each reporter (user) on an individual basis as a consultant, and also works as a public research institute for antivirus measures by analyzing problems showed on the damage report. Taking reporters' privacy into full consideration, IPA periodically publishes the result of their research and analysis on computer virus incident.

Computer Virus Prevention Guidelines:
  • Enactment on April 10, 1990 (release No.139)
  • Amendment on July 7, 1995 (release No. 429)
  • Amendment on September 24, 1997 (release No. 535)

Prevalence Table – September 2000

There were 45 kinds of viruses reported during September. Most frequently reported viruses were X97M/Divi (100 reports) and XM/Laroux (93 reports). 3 kinds of new viruses, W97M/Bablas, W32/MTX, and W32/QAZ (marked with a "*" sign) were reported to IPA for the first time (Macro and Script viruses: 584 reports, Windows and DOS viruses: 93 reports). Some reports contain multiple infection, therefore the sum total doesn't match with 676 (total number of September report).

Macro Virus No. of report
X97M/Divi 100
XM/Laroux 93
X97M/Barisada 50
W97M/X97M/P97M/
Tristate 		34
W97M/Marker 27
W97M/Class 13
W97M/Ethan 9
W97M/Melissa 9
XM/VCX.A 8
W97M/X97M/Shiver 6
W97M/Locale 5
W97M/Vmpck1 5
W97M/Groov 3
W97M/Myna 3
WM/Cap 3
W97M/Eight 2
W97M/Panther 2
W97M/Smac 2
W97M/Story 2
W97M/Walker 2
W97M/Bablas (*) 1
W97M/Chack 1
W97M/Nsi 1
W97M/Opey 1
Macro Virus No. of report
W97M/Thus 1
W97M/Verlor 1
X97M/Sugar 1
XF/Sic 1
Script virus No. of report
VBS/LOVELETTER 82
VBS/Stages 57
Wscript/Kakworm 57
VBS/Freelink 1
VBS/Netlog 1
Windows, DOS virus No. of report
W32/PrettyPark 29
W32/Ska 26
W32/MTX (*) 11
W32/Funlove 8
W32/CIH 5
W32/Fix2001 5
AntiCMOS 3
Form 2
Kampana 1
McGyver.2803 1
W32/Marburg 1
W32/QAZ (*) 1

Note) The abbreviation used in the "Name of Virus" are as follows:

WM MSWord95 (WordMacro)
W97M MSWord97 (Word97Macro)
XM, XF MSExcel95, 97 (ExcelMacro, ExcelFormula)
X97M MSExcel97 (Excel97Macro)
W97M/X97M/P97M MSWord97, MSExcel97, MSPowerpoint97(Word97Macro / Excel97Macro / PowerPoint97Macro)
W32 works under Windows32
VBS written in VisualBasicScript
Wscript works under Windows Scripting Host (WSH) excluding VBS
Top Page