Photos

HOME | VIRUS ALERT | Kids Korner | Classifieds | E-Mail | Sunshine Girl | Gas Prices | Travel | Downloads | Cottage Rentals | Message Boards | Lottery Numbers | Movie Listings | Yellow Page | The Mall | Links | Site Search |Photot albums | World News | Entertainmet News | Daily Cartoon | Trivia | News Letter|

 
Vote worm preys on WTC bombing anxiety
This worm capitalizes on the recent World Trade Center bombings by asking e-mail recipients to vote on who is at war.
By Robert Vamosi, ZDNet Reviews
September 24, 2001

In total bad taste, the Vote worm spreads a message of Us vs. Them through the Internet in the aftermath of the World Trade Center bombings. In addition to sending itself out to every address in one's Microsoft Outlook address book, however, Vote (W32.Vote.A@mm) also attempts to delete Windows directory files and/or reformat the infected user's hard drive. At present Vote is not spreading very fast, however, given its ability to delete files, this worm ranks as a 6 on the ZDNet Virus Meter.

How it works
Vote arrives as an e-mail with the following information:

Subject: Fwd: Peace BeTween AmeriCa And IsLam

Body: Hi! iS iT A waR Against AmeriCa Or IsLam! Let's Vote To Live in Peace!

Attached: WTC.EXE

If the attached file is opened, Vote will install two .vbs files on the hard drive.

MixDaLaL.vbs will attempt to overwrite all files ending with .htm or .html with the following phrase:

    AmeRiCa ...Few Days WiLL Show You What We Can Do !!! It's Our Turn > > > ZaCkEr is So Sorry For You.

The second .vbs file, ZaCker.vbs, will add a line to the registry that will run the vbs script the next time the computer is rebooted. ZaCker.vbs attempts to delete all files in the Windows directory and add a Format C: command to the autoexec.bat file. It will also display the following message:

    I promiss We WiLL Rule The World Again...By The Way,You Are Captured By ZaCker!!!"

Removal
Antivirus software companies are in the process of updating their signature files to include Vote. For more information on removing Vote from your system, see McAfee, Symantec, and Trend Micro.

Prevention
Here are the basic steps for containing the latest worm:

  1. Download Microsoft's Outlook Security Patch. If you haven't already installed it, download the Outlook 98 Security Patch or the Outlook 2000 Security Patch. Please note that this patch does not include Outlook Express. Click here for help with installation, or for more information regarding this patch.

  2. Turn off Windows Scripting Host. Recent virus outbreaks have exploited known vulnerabilities in Visual Basic Scripting under Windows. To limit your risk of infection, you should turn off Windows Scripting Host. For a complete discussion of the pros and cons of removing Windows Scripting Host, read this article: To script or not to script.

  3. "Don't open attachments!" One of the best ways to prevent virus infections is not to open attachments, especially when viruses such as this virus are being actively circulated. Even if the e-mail is from a known source, be careful. A few viruses take the mailing lists from an infected computer and send out new messages with its destructive payload attached. Always scan the attached files first for viruses. Unless it's a file or an image you are expecting, delete it.

  4. Stay informed. Did you know that there are virus and security alerts almost every day? Keep up-to-date on breaking viruses and solutions by bookmarking our Alerts & Solutions page.

  5. Get protected. If you don't already have virus protection software on your machine, you should. If you're a home or individual user, it's as easy as downloading any of these top-rated programs then following the installation instructions. If you're on a network, check with your network administrator first.

  6. Scan your system regularly. If you're just loading anti-virus software for the first time, it's a good idea to let it scan your entire system. It's better to start with your PC clean and free of virus problems. Often the antivirus program can be set to scan each time the computer is rebooted or on a periodic schedule. Some will scan in the background while you are connected to the Internet. Make it a regular habit to scan for viruses.

  7. Update your antivirus software. Now that you have virus protection software installed, make sure it's up-to-date. Some antivirus protection programs have a feature that will automatically link to the Internet and add new virus detection code whenever the software vendor discovers a new threat. You can also scan your system for the latest security updates here.