Fri, Feb 09, 2007 - Page 2 News List

MSN virus spreading quickly in Taiwan

REMOTE CONTROL Messaging users around the nation have been affected by a backdoor threat that could allow hackers to take control of their computer, experts warned

By Wang Pei-hua  /  STAFF REPORTER

A destructive MSN Messenger virus has been infecting computers across Taiwan over the past week.

Thousands of users have received a link from friends, only to click on it and discover a backdoor virus has been installed on their computers, potentially giving someone else control over it.

Users who have had their PCs infected said that clicking on the MSN link caused their list of contacts to disappear and it became impossible to close MSN Messenger.

Some users also said that data was wiped off their computers, while others found nothing untoward after clicking on the Messenger link.

MSN representatives said that they were not yet clear how widespread the virus was.

Representatives of Microsoft Taiwan's MSN department said that by following the infected link, they have detected a backdoor virus named BKDR_RINBOT.A, which can access information or record keystrokes.

However, providers of antivirus software believed a different virus was involved.

Patrick Wang (王岳忠), a systems engineer manager from Symantec Greater China said that the virus really was the Backdoor.irc.Bot virus, which turned the computer into a "zombie" that can be controlled by a hacker.

Wang said that it was not a new virus and that it was added to Symantec's virus definitions as early as 2003. At that time, it was passed on via e-mail, but it is now instead being spread via real time communications software.

The virus uses the contact list to send the link so that the recipient will be taken off guard. The purpose of this kind of attack is two-fold: to obtain more contacts to continue to spread the virus, and to gain full control of the infected computer, Wang said.

A representative of TrendLab at antivirus software manufacturer Trend Micro said that infected computers would execute the virus every time the computer was rebooted and tried to connect to an IRC chat room server so that computers connecting to that server would become infected by the virus.

That would allow a hacker to alter files on the infected computer and even launch an attack on a Web site.

TrendLab also warned that it was becoming increasingly common for viruses to be spread via communication applications and that "Bot" viruses that turn computers into "zombies" were increasing by 15 percent every month. It also said the reason Microsoft had identified a different virus could be because it carried another virus or was mutating.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top