E-mail virus spreads in Stages

An e-mail virus disguised as a text file attachment has begun spreading itself widely across the Internet weeks after it was first discovered.

The worm – which arrives as a joke about the various stages of male and female life and comes with many subject headers, including “Funny” and “Life-Stages” – could cause e-mail servers to become clogged because of its ability to quickly copy itself to others via Microsoft Corp.’s Outlook e-mail client once it is launched, antivirus experts warned.

But initial research shows that the worm, which is called Life-Stages.txt.shs, doesn’t damage any files or corrupt data, antivirus experts said.

“It is similar to the Love Letter (virus) in the way it sends itself out to everyone in your e-mail address book,” said Patrick Martin, a product manager for Symantec Corp., referring to the recent ILOVEYOU bug.

“The real risk this one poses is e-mail flooding,” he said. In its assessment of the worm posted on its Web site, Symantec deemed damage from the worm as low, its distribution in the wild as high and the ability of systems administrators to contain the bug as relatively good.

Carnegie Mellon University’s Computer Emergency Response Team (CERT), which posted an alert on the worm, claimed that it had reports of individual users receiving as many as 30 copies of the bug. And some large sites reported as many as 120,000 copies passing through a single server, CERT said.

The Life-Stages.txt.shs virus, which is also known as IRC-Stages. A and SHS-Stages. A, is a so-called Shell Scrap Object file that contains malicious Visual Basic script code, according to a CERT description of the worn.

The file uses a .shs filename extension, which belongs to a group of file extensions that are usually hidden from users by Windows. That allows the worm to appear as an innocent text file on users’ e-mail, even though it contains executable code, McMahon said.

Life-Stages is only the latest in a growing list of malicious programs to take advantage of some Windows default behaviour to hide certain file extensions, according to a separate CERT alert.

Though a user may disable the option to hide some file extensions, the .shs file extension – exploited by the latest worm – is one that continues to remain hidden from the user even after the default option is turned off, CERT warned. The result is that users have no way of knowing if the file contains executable code or not, the CERT report said. CERT recommended steps for users to get around this problem in its alert.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now