What is the Warhol worm

Asks esme

A. The Warhol worm is a new virus that first hit users of Microsoft's Instant Messenger at the beginning of February. It directed users to a website identified in an email link as www.masenko-media.net/cool.html which is a porn site containing illicit material.

Not only do you get directed to this site if you click on the attached link, but the virus is said to connect you to Internet Explorer where it then exploits a known hole in the browser and attacks your entire contact list - sending the porn link to everyone in your address book.

�

Q. Why is it called the Warhol worm

A. It has been given this name because it obtains a lot of information from your PC in a short period of time, and gains its '15 minutes of fame' - a quote notoriously attributed to the artist Andy Warhol.

�

Q. How can you get rid of the virus

A. Microsoft has released a patch that apparently gets rid of six, not just this one, vulnerable holes in the Internet Explorer browser. Click here to access it.

�

Alternatively, Microsoft recommends that you update your version of MSN Messenger, as the new edition addresses this issue. An update is available online at http://messenger.microsoft.com.

�

Q. How is the MSN Messenger vulnerable

A.�There's an official note from Microsoft, available online at
http://www.newsgeek.net/go.php op=goo&lidd=2075
This notes:

'Microsoft ships a control with MSN Messenger that allows websites to show your Messenger contact's friendly name (eg 'John Smith') and make it quick and easy to establish communication with them. It was brought to our attention that this feature may be co-opted by malicious websites to collect this information. Microsoft has released an updated version of MSN Messenger that does not allow third-party websites to obtain this information' (click on the link above to obtain this update).

�

Q. I am sure I have heard the term Warhol worm before February 2002 -�is this possible

A. Yes it is more than likely. In August 2001, when hysteria about the Code Red virus had reached its peak, the term 'Warhol worm' was coined by Professor Nicholas C Weaver from Berkeley University in California, USA. He wrote and published a paper on the potential damage that a superworm could create.

Hysteria about the Code Red virus calmed when it became apparent that the Code Red virus did not propagate and hit the White House server on pre-set dates, as had been predicted. But Weaver believed that it was possible to create such a superworm and hit over one million PCs in just eight minutes.

To do this the Warhol worm would overcome the problem faced by most worms - it would obtain the ability to connect to its critical mass of infected hosts (ie as many PCs as possible at the same time) by pre-scanning the internet and generating a hit list of a few thousand vulnerable machines with fast internet connections.

The information on the hitlist would be input into the makeup of the worm and divided up onto different infected machines - and it would then hit them all at once with a virus - what Weaver calls a 'divide and conquer' strategy.

�

Q. How do I ensure that a virus does not infect my PC

A. There is no sure way of ensuring that your computer remains virus-free, but you can install an anti-virus program (or several programs) as a precaution. A virus' main aim is to get onto your computer, replicate itself and then spread onto other computers - so it is likely to be carried on a floppy disk, CD or via the internet (usually in an email), so it is important that any virus-protection program you install scans these outlets.

Anti-virus software can be either on-demand (which means you choose to have it scan a disk etc) or on-access (it checks files automatically as you open them). While it is good practice to have more than one anti-virus program on your computer, it is not advisable to have two on-access scanners running at the same time, as two scanners trying to scan a file simultaneously can confuse your computer.

Common sense should also prevail; most viruses won't start working until they are switched on. As these are often sent via email the best way to avoid kick-starting the virus is to delete any suspicious emails and not open them. In general avoid opening any attachments if you don't know who the email is from.

�

If you want to be completely up-to-date with your virus protection it is good to check out some anti-virus websites. These include:

�

http://www.symantec.com

http://www.mcafeeb2b.com

http://antivirus.cai.com

http://www.cknow.com

http://www.pchell.com

�

If you have any other Internet & Technology related questions, please click here

�

by Karen Anderson