Posted on: Thursday, December 20, 2001

Virus hidden in 'Happy New Year' e-mail

By John Stebbins
Bloomberg News Service

CUPERTINO, Calif. — Internet surfers seeking holiday cheer might wind up with a lump of coal for a personal computer if they open an e-mail attachment that is a virus disguised as a Christmas card, security experts said.

The virus, which is actually a self-propagating program called a worm, comes with the e-mail subject line "Happy New Year." Attached to the note is a program called "Christmas. exe." If executed, the worm may seek to delete anti-virus and security programs, disable the computer and mail itself to others in the user's Microsoft Corp. Outlook address book.

"Most people have learned not to click on an attachment," so only a few people have notified the company about this, said Sharon Ruckman, senior director of Symantec Corp.'s security- response team.

Some reports indicate that the worm may also try to delete files necessary for the computer to operate, though Ruckman said that so far, Symantec hasn't found that to be the case. Symantec was first made aware of the worm this morning, she said.

The worm is known as W32/Reeezak.Amm, W32/Zacker.Cmm and W32.Maldal.Cmm, said Computer Associates International Inc. in a statement distributed by PR Newswire.

Late last month, the W32.Aliz.Worm spread to computers by mailing itself to everyone listed in the infected computer's address book. Another virus, W32.Badtrans, spread in a similar way and in some cases tracked the keystrokes of infected computers, potentially giving hackers access to passwords and other information.