New 'Goner' Computer Virus Surfaces

A new computer virus called Goner is spreading through the Internet today.

Although not as technically sophisticated as recent worms such as Nimda or Badtrans, experts warn that the rapidly propagating Goner program is already slowing down the Internet and causing minor damage to thousands of users' computers.

A senior Washington official told ABCNEWS, however, that government computer systems were not affected by this latest cyber attack. The official said a new threat warning system — developed in conjunction with the private sector after last summer's Code Red worm attacks — had helped to get the word out about the new Goner worm early this morning.

Like other so-called computer worms, Goner spreads through Microsoft's popular Outlook e-mail program. The file arrives as an attachment to an e-mail with the subject line of "Hi." The e-mail message reads: "How are you? When I saw this screen saver, I immediately thought about you I am in a harry [sic], I promise you will love it."

If unsuspecting recipients open the attached file, goner.scr, the computer will appear to install a screen saver until a bogus error message apparently stops the process. By then, experts say, the virus will have attached itself to a new e-mail, and is then sent to all the e-mail addresses listed in the Outlook progam.

The Goner virus can also spread through a popular instant message program known as ICQ.

In addition, the virus, officially dubbed W32.Goner.A@mm, will begin to secretly delete any security files — anti-virus and so-called personal firewall programs — installed on the infected PC. It will also install itself within the Windows operating system so that whenever the infected computer is restarted, the virus will spread unless it is removed.

Open for Future Evil?

Some security firms are trying to determine if the virus will also leave a so-called back-door program that may leave the infected PC vulnerable to further mischievous uses.

Kevin Haley, the group product manager for Symantec Security Response, says his team has found what may be additional code in the bug allowing a hacker to use the infected PC to flood another computer with data. These "denial of service" attacks were common in other e-mail worms such as the Code Red bug, which was designed to attack the White House Web site.

Others aren't quite sure that the virus is that complex. "We have been trying to replicate [the denial of service] component all day," says April Goostree, virus research manager for McAfee.com. "As far as Mcafee can confirm, we haven't seen it yet."

Faster Than Last Year's Love Bug

Goostree and others note that it's still too early to tell who created this latest virus, or for what purpose. But the one thing most agree on: It's spreading fast.

Security experts say the virus appears to have started in Europe early today and has already started slowing down some computer networks in the United States. MessageLabs, an e-mail security company in Gloucester, England, says it has intercepted more than 23,000 infected messages since 5:49 a.m. ET. As of this`afternoon, the company was still receiving about 100 infected e-mail messages per minute.

Page
  • 1
  • |
  • 2
Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...