1. /
  2. Security Response/
  3. Pandemic Computer Virus Hoax

Pandemic Computer Virus Hoax

Updated:
February 13, 2007 11:33:07 AM
Type:
Hoax

The Pandemic Hoax is distributed through email messages. It is a hoax and should be ignored.

Sample of hoax message:

'Pandemic Computer Virus Discovered
(A ZDNet Exclusive)
April 4 Cupertino, CA

Yesterday, the anti-virus programming group at Symantec, the Cupertino California-based maker of the Norton brand of anti-virus software, announced the discovery of a unique computer virus which, though extremely widespread, has managed to elude detection for more than three years.

Most computer viruses clandestinely reproduce on a host computer or computer network, and then destroy data or cause performance irregularities. According to Symantec's anti-virus experts, this previously unknown breed of virus, christened "Microshaft" by its creator, wreaks havoc by mimicking the Microsoft Windows 95 and Windows 98 operating systems. News of the virus has rocked the computer industry in Silicon Valley. Emergency meetings of top executives and programmers were convened yesterday at leading industry firms here and around the world. Since most personal computers are pre-installed with the Windows operating system, it is possible that tens of millions of computers have been infected. "The genius of the virus' creators is truly amazing," said a visibly exhausted Chuck Wagner, senior programmer in charge of the anti-virus lab at Symantec. "This is the first virus ever found "in the wild" which is capable of mimicking all the major functions of an operating system, and that's why nobody caught it until now. It's extremely sophisticated, and almost impossible to pin down. But if you've experienced crashes, disk errors and data loss, or have had problems installing new hardware devices, you've probably got it."

It seems that in August of 1995 a security breach of unprecedented gravity occurred at the Redmond, Washington-based Microsoft Corporation. As the debut version of Windows 95 was being prepared for public release, Microshaft virus was grafted onto the top-secret shared network files of the popular Microsoft Windows 95 operating system, probably by a person or persons working inside the company.

By encoding itself in the kernel-the all-but-indecipherable crux of the Windows 95 and Windows 98 operating systems-the prevaricating virus has outfoxed technical analysts at Microsoft, and other leading software development firms and computer manufacturers, for more than forty months. The source of Windows 95's infamous unreliability, previously thought to be the fault of Microsoft's lack of strict programming standards, is now believed to be none other than the Microshaft virus.

The virus was reported to Symantec's elite cadre of anti-virus experts by Guillermo Puertas, a computer programmer in San Diego, California. In a telephone interview, Mr. Puertas-a self-described "amateur computer virologist"-said that he might never have suspected the existence of the Microshaft virus, had he not installed a second operating system, Linux, on his computer.

With Linux -- a Unix clone downloadable for free over the Internet-Mr. Puertas noticed that his system was suddenly free of the crashes and other performance flaws which had been plaguing his Windows programs. When he subjected the computer to a barrage of customized tests, Mr. Puertas discovered "incontrovertible" evidence that the portion of his hard drive allocated to Windows was infected by a "viropsys", or operating system-mimicking virus. Mr. Puertas claims that "the Microshaft virus...can also mimic some common programs like Internet Explorer and [Microsoft] Word...You think you're word processing or browsing the Internet, but in fact you're playing right into its hands. Every time you run a program, open a file or install a new application, you're feeding it more raw data, which increases the likelihood of reduced performance, hardware conflicts and crashes leading to loss of crucial data."

According to Mr. Puertas, since the virus has insinuated itself into the kernel of the Windows operating system, it might be extremely difficult, if not impossible, to eliminate the virus without destroying the functionality of Windows altogether. "It's like inoperable cancer," he said. "You can't remove the cancer without killing the patient."

Mr. Puertas speculated that the virus has managed to elude detection until now because of the extreme secrecy surrounding the Windows 95/98 kernel, the entire contents of which is known to few (if any) Microsoft programmers other than Microsoft Chairman Bill Gates. "Basically," says Puertas, "Microsoft's Windows programmers have been kept in the dark about each others' work, in order to protect proprietary source code. Some disgruntled programmer must have slipped the virus in through a crack", thus allowing it to lodge in the heart of the Windows operating system. Ralph Lederer, a legal consultant on intellectual property law in the computer industry and a business partner of Mr. Puertas, said that "because what appears on the user's screen as Internet Explorer is very likely a clever front for the virus, Microsoft's claim that Internet Explorer cannot be removed from Windows 98 without crippling Windows' functionality might actually have some truth to it."

In the past year, litigators in the Federal Government's anti-trust case against Microsoft have contested the company's claim that its Internet Explorer web browser is an integral part of the Windows operating system. "It's ironic, but the Microshaft virus could be a godsend for Bill Gates," noted Mr. Lederer. Asked what measures might be taken to neutralize the virus, Mr. Wagner said that Symantec's anti-virus unit would be working around the clock with top Microsoft programmers to develop commercial software capable of detecting and disabling the virus. "For the moment, we're going to have to live with it," he said with a sigh. "And somehow we've already managed do so for three and a half years. In any case, pretty soon users will have the option to upgrade to Windows 2000, which should be virus-free."

In a related story, on Monday Microsoft announced a bid to acquire a controlling share of Symantec, whose stock has gained seventeen points since the offer. Meanwhile, Microsoft stock has taken a five-percent plunge on news of the virus, but most market analysts and fund managers are sitting tight. According to several Wall Street sources, the Symantec deal, plus the expected stampede of computer users desperate to upgrade to a virus-free Windows 2000, will ensure better-than-expected profits for Microsoft during the next fiscal year.

At a Redmond press conference last evening, a Microsoft spokesman said that although company programmers had been unaware of the virus' existence, emergency measures were being taken to rectify the problem. When asked whether Microsoft would reveal its Windows operating system code so that programmers around the world could help root out the virus, he answered "That's not gonna happen", and declined to answer any further questions.'Please ignore any messages regarding this hoax and do not pass on messages. Passing on messages about the hoax only serves to further propagate it.
Writeup By: Motoaki Yamamura
Summary| Technical Details

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver