April 4, 2002
Information-technology Promotion Agency
Security Center (IPA/ISEC)
Computer Virus Incident Reports [summary]
The first virus with a Japanese subject that infects an email appeared!!
This is a summary of Computer Virus Incident Reports of February 2002 compiled by IPA: Information-technology Promotion Agency (President: Shigeo Muraoka). 1460 reports were submitted to IPA in March, which figure was about the same as the last month (1439 reports). But the actual damage rate slightly increased from 8.8% in February to 10.5% in March.
A new virus called W32/Fbound with a Japanese subject appeared!!
W32/Fbound Virus with using a Japanese subject appeared and 212 cases were reported. This virus is the first virus of using Japanese for subject.
It arrives from acquaintance so many people did not suspect what it was but open it and got infected. The basic principle of not to open the email attachment easily was not kept, therefore the actual damage rate went high of 26.4%.
An Email from W32/Fbound looks like above (under
Japanese)
Since a virus is a program, it is often altered, such as added a new function,
modified in a small part. Those something
different from their originals are called
`variants'. The top 3 reports (W32/Badtrans,
W32/Klez, W32/Fbound) in March were all variants.
Variants are often vicious by changing originals
and their damages are tend to be more serious. Also, their motions are different from
their originals so that there usually needs
different prevention measurements and ways
to deal with when infected. Even anti-virus
software that detects original virus cannot sometimes find the variant. Therefore, it is important to collect the
latest information daily and update anti-virus software (virus detect
data file*) firmly. (*The name is called differently by vendors.
For example, definition file, pattern file,
signature file, etc.)
Warning for this month: Do not double click the attachment file too easily!!
------The basic prevention measurement for viruses------
We suggest you to open attachment files even they are sent by your friends and acquaintances after the detection by anti-virus software.
(We recommend to set usual watching mode(*) which automatically detects viruses.) Also, it is an absolutely basic not to open any attachment files without confirmation of security. (The names are called differently depending on anti-virus software. e.g. real time protection, real time detection, real time monitor, etc.)
All the new 3 viruses are ones that not will be infected unless users open the files. Especially the case infected by W32/Fbound, they did not detect by anti-virus software and double clicked the attachment files too easily, which shows the situation where the basic principle is not kept well.
Reference: Representing examples of icon of extension often used by viruses
 VBS/SST
AnnaKournikova.jpg.vbs |
 W32/Fbound
patch.exe |
 W32/Mylife
cari.scr |
 W32/MTX
LOVE LETTER FOR YOU.TXT.pif |
 W32/Magistr
BLADE.bat |
 W32/Sircam
機密書類.doc.lnk |
At the beginning of a new virus is spreading, sometimes, even the anti-virus
software with updated the latest version cannot detect it. Do not believe anti-virus software too much. It is desirable to ask the sender and use it after
a security check.
The survey of damage situation by computer viruses
To figure out the reality of a damage situation by viruses within the country and abroad beyond reports, we had done the survey of damage situation by questionnaires. We summarized the survey result as "The summary of the result of damage situation by computer viruses" and attached it. Please refer to it. Details are available at the sites noted below.
The survey report of the domestic damage situation by computer virus
The survey report of the foreign damage situation by computer virus
Inquiry: IPA Security Center (IPA/ISEC)
(ISEC: Information technology SEcurity Center)
Phone: 03-5978-7508
FAX: 03-5978-7518 E-mail: isec-info@ipa.go.jp