New ‘Goner’ Computer Virus Surfaces
A new computer virus called Goner is spreading through the Internet today.
Although not as technically sophisticated as recent worms such as Nimda or Badtrans, experts warn that the rapidly propagating Goner program is already slowing down the Internet and causing minor damage to thousands of users’ computers.
A senior Washington official told ABCNEWS, however, that government computer systems were not affected by this latest cyber attack. The official said a new threat warning system — developed in conjunction with the private sector after last summer’s Code Red worm attacks — had helped to get the word out about the new Goner worm early this morning.
Like other so-called computer worms, Goner spreads through Microsoft’s popular Outlook e-mail program. The file arrives as an attachment to an e-mail with the subject line of “Hi.” The e-mail message reads: “How are you? When I saw this screen saver, I immediately thought about you I am in a harry [sic], I promise you will love it.”
If unsuspecting recipients open the attached file, goner.scr, the computer will appear to install a screen saver until a bogus error message apparently stops the process. By then, experts say, the virus will have attached itself to a new e-mail, and is then sent to all the e-mail addresses listed in the Outlook progam.
The Goner virus can also spread through a popular instant message program known as ICQ.
In addition, the virus, officially dubbed W32.Goner.A@mm, will begin to secretly delete any security files — anti-virus and so-called personal firewall programs — installed on the infected PC. It will also install itself within the Windows operating system so that whenever the infected computer is restarted, the virus will spread unless it is removed.
Open for Future Evil?
Some security firms are trying to determine if the virus will also leave a so-called back-door program that may leave the infected PC vulnerable to further mischievous uses.
Kevin Haley, the group product manager for Symantec Security Response, says his team has found what may be additional code in the bug allowing a hacker to use the infected PC to flood another computer with data. These “denial of service” attacks were common in other e-mail worms such as the Code Red bug, which was designed to attack the White House Web site.
Others aren’t quite sure that the virus is that complex. “We have been trying to replicate [the denial of service] component all day,” says April Goostree, virus research manager for McAfee.com. “As far as Mcafee can confirm, we haven’t seen it yet.”
Faster Than Last Year’s Love Bug
Goostree and others note that it’s still too early to tell who created this latest virus, or for what purpose. But the one thing most agree on: It’s spreading fast.
Security experts say the virus appears to have started in Europe early today and has already started slowing down some computer networks in the United States. MessageLabs, an e-mail security company in Gloucester, England, says it has intercepted more than 23,000 infected messages since 5:49 a.m. ET. As of this`afternoon, the company was still receiving about 100 infected e-mail messages per minute.
By the company’s estimates, the rapid spread of the Goner bug will rival the outbreak of the Love Bug virus, which caused millions of dollars in damage in April 2000. “Goner is one of the most incredibly fast-moving and potentially dangerous e-mail viruses we’ve seen,” says Mark Sunner, chief technology officer of MessageLabs.
Jerry Freese, director of intelligence at Vigilinx, a security firm in Parsippany, N.J., says the new virus isn’t very sophisticated. But the e-mail’s apparently innocuous message is fueling the virus’ rapid outbreak. “Who thinks that a screen saver is going to hammer their system?” he asks.
Freese and other experts say that since Goner cannot spread without opening the infected file, a user’s best course of action to avoid the bug is to delete any suspicious e-mail messages that match Goner’s description. By late today, many anti-virus software makers have created and released updates for their security programs to help corporate customers and computer users to protect their computers from the new Goner worm.