Sophos Warns On Trio Of Trojan/Virus Programs

Sophos has issued a warning on three malicious code programs observed over the weekend - two Trojans and one worm.

The programs - Two trojans (Troj/Kill98 and Troj/Zelu) and one virus
(W32/AntiQFX-A) - were the result of customer queries, the firm said,
and, so far, the good news is that they have not been seen in the
wild.

The IT security firm said that when the file is run, it attempts to
delete all files on the "C:" drive, making itself extremely obvious.

Troj/Zelu is also a Trojan horse. Also known as ChipTec Y2K or Y2K
Trojan, the worm appears to have been distributed at the end of 1999
as a "Y2K fix."

On some PCs the program crashes before it can do any harm, but on
others Sophos said it will pretend to fix Year 2000 problems on a
computer while really overwriting the hard disk.

Last, but not least, is W32/AntiQFX-A, a 32-bit worm program that
masquerades under the name MSCDEX.EXE (the filename usually used by a
CD ROM driver).

Sophos reported that the program tries to copy itself to other
computers on the network in an attempt to activate when they are next
rebooted. For this reason, the company said that PCs may be
re-infected quickly after they are thought to have been cleaned.

The IT security company said that since the virus needs write access
to network shares on other computers in order to infect
(or re-infect) them, it will find it hard to spread on networks where
sensible security practices are in place.

Sophos' Website is at http://www.sophos.com.

Reported by Newsbytes.com, http://www.newsbytes.com.