Author of 'Prolin' worm eludes authorities



(CNN) -- The creator of a computer worm that spreads through Microsoft Outlook e-mail in the guise of an Internet movie has so far eluded computer security authorities. But anti-virus experts said the attachment hasn't caused major problems for corporate computer networks.

Given aliases like "Prolin" and "Creative," the worm appears in e-mails with the subject line "A great shockwave flash movie." The body of the e-mail tells readers to "check out this new flash movie that I downloaded just now. It's great. Bye."


However, the file attached to the e-mail does not produce a movie using Shockwave, a popular Internet animation format. Instead it unleashes a worm that, unlike a virus, can propagate itself over a network and infect other computers without assistance.

The e-mail includes the attachment creative.exe. When opened, the worm finds and alters all .jpg and .zip files on the user's system, moving them to the c:\ root drive and adding an extension to the end of their names: "change atleast now to Linux."

It also forwards a copy of the worm to everyone in the user's e-mail address book.

When it first showed up earlier this month, numerous computer security companies assigned a risk rating of medium or high to the worm. By this week, however, it appeared that the quick use of filters by corporate networks had managed to stave off serious infections.

"It's still spreading, but it's not causing an impact among businesses," said Vincent Weafer, director of Symantec's Anti-Virus Research Center. "We're still keeping it as a low to medium risk."

Steve Gottwals of F-Secure agreed.

"There's been no major cases and I think it's going to die down," he said. "It does come across as an executable and people are pretty wary about those things now. The education has gotten pretty good."

'Penguin' remains at large

Weafer said computer security experts have yet to identify the origin or author of the worm.

"We're doing some background. Typically it takes weeks or months to track down that information, if it's available."

The worm creator does give one possible clue. The worm generates a text file on the user's computer, which after a brief and confusing message offers a personal nickname:

"I could have even completely wiped your hard disk. Remember this is a warning & get it sound and clear . . . - The Penguin."

A penguin is the Linux mascot.

The FBI division that deals with computer network crimes declined to say whether it was investigating the worm case.

"No comment on whether I can confirm or deny it," said an FBI spokesperson.



© 2001 Cable News Network. All Rights Reserved.