Computer Virus Incident Reports [summary]

February 7 2002

Information-technology Promotion Agency
Security Center (IPA/ISEC)

W32/Badtrans is still going around!
The actual damage seems to be decreasing!

This is a summary of the Computer Virus Incident Reports for January 2002, compiled by the Information-technology Promotion Agency (IPA; President: Shigeo Muraoka). 2283 reports were submitted to IPA in January, which is above last year's monthly average (2021 reports), so the number remains high.

W32/Badtrans is still going around but the actual damage seems to be decreasing.

A variant of W32/Badtrans that spread widely last year accounted for 60% (1381 reports; 2701 reports in December) of the total number of reports submitted in January, which is still high. However, the actual damage dropped by 5.8% (from 20.1% in December to 14.3%), which shows that taking countermeasures, such as fixing vulnerabilities, is becoming more common. The percentage of actual damage to the total reports in January was 13.6 (19% in December), the smallest among the 7 months in which we received over 2000 reports.

W32/Myparty looks like a link to a Web site

This virus arrives with an attachment called www.myparty.yahoo.com. The attachment is easy to open by mistake because its name looks like a link. Once you open the attachment, the virus infects the PC and sends itself out as an email attachment. Do not open something straight away just because it looks familiar at a glance.


Example of an email sent by W32/Myparty

Warning for this month: Don't miss a sign of the infection!!
=====Check the system with anti-virus software=====

Once infected by a virus that misuses email systems, you soon become an attacker who sends infected emails rather than a victim, so it is important to recover as soon as possible. If you see any of the signs of infection described below, check the system with up-to-date anti-virus software to find the virus and deal with it. Keep the software updated by checking for updates at least once a week. (Some companies check for updates every single day or even every hour.)

The virus detection file is also called a "definition file", a "pattern file" or a "signature file".

An example of the infection: You receive many emails from "MAILER-DAEMON"

If you receive many emails reporting that delivery failed, the usual cause is a virus that has automatically sent itself out, with the copies returned because the recipients were unknown. Most viruses that misuse email systems leave no record in the sent-mail record of the email software, so users cannot confirm there whether emails were sent by a virus or not.


Example of an email sent by MAILER-DAEMON
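
One way to check a saved mailbox for the MAILER-DAEMON sign described above, as an added example that is not part of the IPA report: it counts delivery-failure notices that arrive close together. The sample messages, the helper names, the threshold of 3 bounces and the one-hour window are constructed assumptions.

```python
import email
from datetime import timedelta
from email.utils import parseaddr, parsedate_to_datetime


def is_bounce(msg):
    """True for a delivery-failure notice: MAILER-DAEMON sender or a DSN report."""
    local_part = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type", "").lower() == "delivery-status")
    return local_part == "mailer-daemon" or is_dsn


def bounce_burst(raw_messages, threshold=3, window=timedelta(hours=1)):
    """Return (largest bounce count inside one window, whether it hits threshold).

    threshold and window are assumed values; tune them to the mailbox.
    """
    times = sorted(
        parsedate_to_datetime(m["Date"])
        for m in map(email.message_from_string, raw_messages)
        if m["Date"] and is_bounce(m)
    )
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the window's left edge forward
            start += 1
        best = max(best, end - start + 1)
    return best, best >= threshold


def _sample(sender, hhmm, ctype="text/plain"):
    """Build one constructed message (not real mail) for the demonstration."""
    return (f"From: {sender}\nDate: Thu, 07 Feb 2002 {hhmm}:00 +0900\n"
            f"Subject: constructed sample\nContent-Type: {ctype}\n\nbody\n")


DSN = 'multipart/report; report-type=delivery-status; boundary="b"'
SAMPLE_INBOX = [
    _sample("MAILER-DAEMON@mail.example.jp", "10:01"),
    _sample("Mail Delivery Subsystem <MAILER-DAEMON@isp.example.com>", "10:03"),
    _sample("friend@example.org", "10:04"),                 # ordinary mail
    _sample("postmaster@example.net", "10:09", DSN),        # DSN without the name
    _sample("MAILER-DAEMON@mail.example.jp", "10:12"),
    _sample("MAILER-DAEMON@mail.example.jp", "14:30"),      # isolated bounce
]

if __name__ == "__main__":
    count, suspicious = bounce_burst(SAMPLE_INBOX)
    print(f"{count} bounces within one hour; check the PC: {suspicious}")
```

A burst that reaches the threshold is only a prompt to run the anti-virus check described above; a single bounce after a mistyped address is normal.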

Other likely signs of the infection are as follows:

  1. When you boot up the PC, the dial-up connection screen appears and the PC tries to connect to the Internet too many times.
  2. It takes too much time to send/receive emails.
  3. When viewing a Web site or starting an application, it crashes too often.

For inquiry

IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
Phone: 03-5978-7508 FAX:03-5978-7518  E-mail: Please feel free to call at +81-3-5978-7517.
Emergency call: 03-5978-7509  URL: http://www.ipa.go.jp/security/