-

A new PC virus spreading across the Internet has
demonstrated the ability to update its payload.

The W95.Babylonia virus is very different from the worm
viruses that have been propagating themselves during the
past year because it doesn't spread via E-mail or require
users to click on an executable file attachment. Instead, it
spreads itself through Internet chat sessions and is able to
update its payload by causing infected PCs to download
updated virus programming through the Internet.

"This is the first time there has been a virus that goes out
and polls for new payloads," says Martin Skov, a product
manager at Network Associates. "In this way it's kind of
like antivirus software that polls antivirus-software
vendors' Web sites for software updates."

The Babylonia virus spreads itself via Internet Relay Chat.
PCs logged on to an infected server are sent an executable
file that appears to be a fix for the Y2K bug. Babylonia can
also be spread as an executable file attachment in an E-mail
message, similar to the way worm viruses are transmitted. If
the executable file is launched, the PC is infected and
begins to regularly poll a hacker Web site in Japan,
downloading virus plug-ins to the infected PC. Though
Babylonia doesn't carry a destructive payload, the plug-ins
that can change passwords, alter credit-card numbers, and
otherwise damage a PC can be posted on the hacker site for
download.

So far, 25 companies have been infected, according to a
tally by antivirus-software developers. Network Associates,
Symantec, and others have developed patches.  - Brian Riggs

----------------------------------------------------------------------------

To unsubscribe/subscribe or view archives of postings, go to the Gambia-L
Web interface at: http://maelstrom.stjohns.edu/archives/gambia-l.html

----------------------------------------------------------------------------