Antivirus software maker McAfee announced today that a new virus is making the rounds. The infection is spreading with ferocity among Web servers and desktop Windows systems alike, taking advantage of an obscure bug in the SMB file-sharing protocol that allows people named “Denis” to install software remotely without the hassle of messy passwords. A comment in the binary executable contained the string “Netsky.Q is a wanky klooj. Shout outs to all my Web Standards peeps!”
Microsoft has denied any wrongdoing, but will issue a patch later today, and a Microsoft spokesman, who could not be reached for comment, blamed their Canadian subsidiary in a handwritten note shoved beneath the table in the diner where we did not officially meet to discuss the news.
The virus appears to do nothing harmful to your computer: it does not install any registry keys, delete any vital software, or install software that turns your machine into a zombie spam proxy. All it appears to do is scan both local and remote filesystems for HTML files (files with the extensions .htm, .html, .shtm, .shtml, and any file containing ‘<HTML>’ in the first 128 characters) and validate them, using the excellent CSE HTML Validator. If the file fails to properly validate to XHTML 1.0 Strict, it is deleted.
Antivirus engineer Torus Donut, of Finland’s F-Secure, says “we expect to see many variants of this bugger, validating everything according to different interpretations of the various standards; we’ve already seen a variant that tries to run a prototype CSS 3.0 validator, but it spends most of its cycles trying to decide where to install it. We’ve seen a variant that doesn’t like tables used for formatting, regardless of whether the document is valid or not. And we saw one variant that simply deleted Internet Explorer 5.5 – we figure the virus author to be a bitter ex-employee of one of the big bubble Web companies, like CKS or maybe iXL.”
Others in the industry have made guesses as to who the virus author (or authors) are; some suggested that it might be someone with a great deal of cross-browser DHTML experience, their mind unhinged by the ordeal; others suspect that the author may just be a bored and very bright devotee of Zeldman with a lot of Intel x86 assembler experience.
No matter who is responsible, however, the message is clear: don’t want your files deleted? Make sure they validate. And never execute unknown email attachments or run insecure operating systems and mail client software.