Version: 2008
  • On The Insider: Miley Cyrus in Sex and the City 2

November 30, 2000 10:10 AM PST

Retooled Navidad virus on the loose

By Gwendolyn Mariano
Staff Writer, CNET News

  • Post a comment
Related Stories

"Romeo and Juliet" bug spreads on Outlook

 November 21, 2000

Christmas virus causes mild clamor on the desktop

 November 10, 2000

Love virus variant plagues email systems

 October 20, 2000
Symantec's AntiVirus Research Center has discovered a new, more potent variant to the "Navidad" virus.

Early this month, the email virus infected computers in at least 10 Fortune 500 companies, causing more annoyance than destruction, computer experts said.

That original version had buggy code, disabling a relaunch feature that was intended to bombard victims with repeated attacks. That bad code has been fixed in a new version, making it potentially more damaging. In all other respects, the two variations are identical.

The virus infects Microsoft's Outlook email application, arriving as a reply when a person sends a message to an infected computer. If the attachment, "navidad.exe," is run, a message in Spanish reads: "Never press this button." If the button is pressed, a further message reads: "Feliz Navidad. Unfortunately you have given in to temptation and will lose your computer."

Patrick Martin, program manager for Symantec's AntiVirus Research Center (SARC), said the variant was discovered Tuesday. SARC is giving it a threat level of three--with five considered the highest security threat.

"It's out there; we're keeping our eyes on it, but there's no need to panic," Martin said. "It's definitely not anything like 'Love Letter.' It largely doesn't do anything damaging to your system, and it spreads itself a lot more slowly."

Martin said that the original Navidad worm would launch only once, inserting itself in a reply to all emails with attachments in the victim's in-box. In the new version, the worm relaunches every time the email program is activated.

Martin said the original version included a typo disabling the repeat launch feature. He said it looked like someone had fixed the problem.

"It's like you were a terrorist, and you designed a bomb, but you didn't plug in the fuse right," Martin said. "Somebody else came along and...fixed it so it would do its dirty work correctly."

Martin said that SARC suspects the Navidad virus may have started somewhere in Latin America.

"It caught attention because of the term Navidad," Martin said. "People thought it was a Christmas worm...Since a lot of text that shows up is in Spanish, we assume it probably came somewhere in Latin America."

advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Symantec (-0.22%) -0.04 18.32
Dow Jones Industrials (0.31%) 33.18 10,606.86
S&P 500 (0.40%) 4.55 1,141.69
NASDAQ (-0.05%) -1.04 2,300.05
CNET TECH (-0.49%) -8.07 1,643.19
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET