WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
Both forms of the virus known to be in the wild were meant to attack Microsoft Outlook mail systems and automatically mail themselves to users in the address book. One entices recipients to open an attachment that purports to be a screensaver with a caricature of former President Bill Clinton playing the saxophone. The other has a photograph of a girl holding a flower.
In each case, the payload is potentially destructive, says Chris Wraight, technology consultant with anti-virus software vendor Sophos. "Every day at 8 a.m. it tries to delete the contents of your C, D, E and F drives," he says.
But both viruses contain flaws that may have proved fatal. The Clinton version contains a line of text, meant to appear to have been added by an anti-virus program, that reads, "No Viruse(sic) Found." The word "bye" is also mispelled as "buy." The other version contains a flaw that renders it unable to delete files.
The fact that the viruses originated in the Far East also helped. For example, Sophos' Australia location picked them up and was able to get an update out in the U.S. before the business day began Friday.