Amid Confusion of Y2K, Beware of Computer Viruses

TIMES STAFF WRITER

If the year 2000 computer problem isn’t bad enough by itself, virus hunters are now warning that a spurt of computer viruses may trigger around Jan. 1 as a grand send-off for the century.

For the last few months, researchers have been detecting a variety of viruses that they suspect are designed to hide in the confusion of Jan. 1--a day when computer technicians will be focused on the so-called millennium bug computer glitch, popularly known as Y2K.

“For virus writers, this is a great opportunity,” said Vincent Weafer, head of Symantec’s AntiVirus Research Center in Santa Monica. “You’re guaranteed to get attention, and everyone will be worrying about the year 2000.”

“Is it a bug? Is it Y2K? Is it a virus?” he said. “Clearly it is going to be a time of confusion, so it’s a good time for viruses to spread.”

So far, the number of Y2K viruses--all of which spread via e-mail and affect only computers using the Windows operating system--has been tiny.

Symantec, which makes Norton AntiVirus software, has reported about half a dozen new viruses. Network Associates, the maker of the McAfee anti-virus program, has found roughly the same number.

Cupertino, Calif.-based Trend Micro Inc., which primarily makes anti-virus software for corporate networks, has listed a few dozen viruses, although most are old viruses that will trigger within a few weeks of New Year’s Day.

But given the anxiety about the year 2000 problem and the persistent efforts of virus writers to come up with the best and most attention-getting viruses, researchers are preparing for the worst even if it doesn’t happen.

“We expect the hype to be much greater than the reality,” said Daniel Schrader, vice president of new technology for Trend Micro. “The problem is probably more conceptual than real, but no one knows what’s coming.”

If there is a burst of viruses on New Year’s Day, it would cap an unusually active year for viral computer infections.

This year brought not only a high number of viruses but also the rise of a particularly fast-moving variety known as “worms,” which spread by automatically mailing themselves to e-mail addresses stored on an infected computer.

Worms such as Melissa, Happy99 and ExploreZip infected thousands of computers, often spreading around the world in a matter of hours.

While these worms attracted most of the attention, researchers had already begun to read on hacker Web sites about viruses that hinged on the fear of the year 2000 computer glitch.

One rumor was that a competition had been started among virus hackers to create the longest-lived virus that would trigger on Jan. 1.

The year 2000 problem is an odd computer glitch that stems from the decades-old tradition of using two digits to represent years in computer programs.

In 2000, the two-digit abbreviation, “00,” creates an ambiguous situation in which some computers could interpret the date as either “1900” or “2000.”

For hackers, the year 2000 problem was an invitation for mischief since it has been such a consuming distraction for computer system administrators and technicians.

Some of the first Y2K viruses were simply old viruses that used the year 2000 as a way of getting computer users to activate the programs--a technique that hackers refer to as “social engineering,” or the use of trickery instead of technology to spread a virus.

The viruses known as Y2KCount and Fix2001 both came attached to messages that said they were year 2000 repair programs. When the messages were opened, the viruses activated themselves.

The more common Y2K viruses fall into a group that simply uses Jan. 1 as their trigger date to activate.

The viruses may infect a computer weeks or months in advance and sit quietly waiting for their activation dates. The theory is that by hiding for a short period, the virus can quietly spread without being detected.

Sal Viveros, director of anti-virus software for Network Associates, said that the first of any month has traditionally been the most popular trigger date. While there are usually about one or two viruses spotted each day, the first of the month typically brings about four, he said.

Jan. 1 has drawn a few more than normal, “but at this point, it’s nothing huge yet,” he said.

The most cunning Y2K viruses are those designed to cause problems that look similar to year 2000 malfunctions.

One example is the virus known as Mypics, which mimics an error with a computer’s Basic Input Output System, or BIOS--one of the key areas affected by the Y2K glitch. When the computer is restarted, the virus will try to reformat the computer’s hard drive.

One of the most sophisticated of the Y2K viruses is one known as Babylonia, which was first noticed this month. The virus appeared in Internet newsgroups as a year 2000 repair program.

The virus was designed to sit dormant until 2000, when it would try to connect with a Web site in Japan that contained a variety of damaging programs that would be automatically sent to the infected computer.

Mypics was first noticed early this month and has caused few problems. As with most viruses, it is only a matter of days or sometimes hours before countermeasures are created and sent to anti-virus users.

Network Associates’ Viveros said he believes the frequency of Y2K viruses seems to have slowed in the last few weeks, and he predicted there will be few problems on Saturday.

One possible reason was the guilty plea on Dec. 10 by the author of the Melissa virus, David Smith. Smith’s conviction may be dampening the enthusiasm of other virus hackers, Viveros said.

Schrader of Trend Micro said he has seen a 75% increase in virus incidents in the last month.

But he added that in the grand scheme of virus outbreaks, a 75% increase was nothing special. The Melissa virus, for example, brought a 400% increase in virus incidents.

Schrader also predicted few serious incidents in January.

“Viruses come in spurts,” he said. “Seventy-five percent is an increase, but it’s not a major outbreak. It’s nothing dramatic or frightening.”

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Selected Y2K Viruses

Virus researchers are warning that Jan. 1 could bring a spurt of computer viruses that hinge in some way on the year 2000 computer glitch. Some of the viruses are programmed to activate themselves on Jan. 1 in an attempt to hide in the confusion of the century change. Others try to imitate year 2000 computer malfunctions. So far, only a few Y2K viruses have been found.

* Babylonia: A virus discovered Dec. 7 as a Windows help file named “serialz.hlp,” which appeared to provide a list of serial numbers for commercial software. One version of the virus is programmed to activate itself at midnight on Dec. 31.

* Mypics: A computer worm, detected in early December, that propagates via e-mail. It is received as an e-mail attachment named “Pics4You.exe.” The worm tries to imitate a year 2000 problem in the infected computer’s Basic Input Output System. When the computer is restarted, the virus will reformat the computer’s hard disk drive.

* Fix2001: An Internet worm that arrives via e-mail. The message is titled: “Internet problem year 2000.” It is sent by a person called “Administrator.” When the Fix2001 program is activated, it will try to destroy all the information on a hard disk drive.

* Y2KCount: This virus arrives as a bogus message from Microsoft that contains a year 2000 countdown program. The program is actually a virus that appears to search for passwords and log-ins contained in e-mail.

* Lancheck: This virus does nothing destructive. It simply fools users into believing that files are being deleted from their systems. The file spreads to Microsoft customers from a phony e-mail address. The e-mail tells recipients to run the attached program (LANCHECK.EXE) to make their systems Y2K compliant. When executed, the program displays a fake message showing files being deleted from the system.

Sources: Symantec AntiVirus Research Center, Network Associates, Trend Micro
