FBI alarm over virus that calls the police

The 911 virus is a batch file worm that propagates across the internet by scanning for and exploiting computers configured to share their drives with other users, called Windows shares. This is different to viruses such as Melissa that spread through email.

The FBI’s National Infrastructure Protection Center, which rarely comments on viruses, reported a “relatively limited dissemination of this script in the Houston, Texas area”.

Users are advised to disable file sharing and update their antivirus software.

Graham Cluely, senior technology consultant at antivirus software vendor Sophos, said the virus has two variants, both of which can format a users hard disk. But he said an epidemic is unlikely because the virus is relatively easy to defend against.

“The virus uses remote installation using IP addresses and most people are not so stupid as to set their machine up such that the root is shareable,” he said.

Jack Clark, European antivirus product manager at Network Associates, said: “If the virus used email it would present a far higher risk.”

The malicious code of the 911 virus consists of a large number of batch files, with an accompanying Visual Basic script. The virus attempts to access computers within the sub-nets of various IP addresses.

If the virus manages to access a computer on one of these sub-nets it creates hidden sub-directories.

There is also a one in three chance that the virus will alter a remote machine’s autoexec.bat file. The altered file will attempt to unconditionally format the H:, G:, F:, E:, and D: hard drives when run on the remote machine. The code then displays an obscene message before attempting to unconditionally format the C: drive.

The virus may also attempt to dial 911, the emergency service number in many countries.

Related reading