Central Command€s EVRT Warns of Babylonia, an Internet Worm
Spreading Around the World with a Collection of Advanced Infection
Technologies
The Emergency Virus Response Team (EVRT) at Central Command is
issuing a virus alert about a new advanced virus that is capable of
spreading through the internet and updating itself with plug-ins.
Win95.Babylonia is the first virus that can infect a computer, spread
via the Internet as a worm, and update itself with new features as
they are released.
This virus infects Windows 95 systems; Windows help files, sends
itself as an e-mail attachment, and can update itself with plug-ins.
Using advanced technologies, Babylonia can infect and install itself
into many different applications within the computer. By infecting
Windows 95 applications Babylonia spreads like a normal virus by
replicating through a system using a resident copy hidden in the
background. Additionally, by contaminating Windows help files the
Babylonia virus can use them as infection carriers, which greatly
reduces the chances that an antivirus scanner can remove all traces
of this virus. Working as an Internet worm, it patches the
wsock32.dll application, part of the DLL files required to connect to
the Internet, and then sends copies of the virus out as e-mail
attachments. Lastly, while an infected user is online it connects to
a website in Japan and adds additional utilities to itself as plug-
ins.
€This mixture of features makes this virus one of the more advanced
we have seen for sometime.€ Said Keith Peer, President of Central
Command Inc. €This virus includes technology ideas from the Chernobyl
a.k.a.Win95.CIH virus with it€s resident capabilities under Windows
95, I-Worm.Happy being able to patch the wsock32.dll file for
spreading as an e-mail attachment, and WinHLP.Demo to infect Windows
Help files.€
More information about Babylonia can be read at http://www.avp.com
[This message has been edited by bobo (edited December 14, 1999).]
Spreading Around the World with a Collection of Advanced Infection
Technologies
The Emergency Virus Response Team (EVRT) at Central Command is
issuing a virus alert about a new advanced virus that is capable of
spreading through the internet and updating itself with plug-ins.
Win95.Babylonia is the first virus that can infect a computer, spread
via the Internet as a worm, and update itself with new features as
they are released.
This virus infects Windows 95 systems; Windows help files, sends
itself as an e-mail attachment, and can update itself with plug-ins.
Using advanced technologies, Babylonia can infect and install itself
into many different applications within the computer. By infecting
Windows 95 applications Babylonia spreads like a normal virus by
replicating through a system using a resident copy hidden in the
background. Additionally, by contaminating Windows help files the
Babylonia virus can use them as infection carriers, which greatly
reduces the chances that an antivirus scanner can remove all traces
of this virus. Working as an Internet worm, it patches the
wsock32.dll application, part of the DLL files required to connect to
the Internet, and then sends copies of the virus out as e-mail
attachments. Lastly, while an infected user is online it connects to
a website in Japan and adds additional utilities to itself as plug-
ins.
€This mixture of features makes this virus one of the more advanced
we have seen for sometime.€ Said Keith Peer, President of Central
Command Inc. €This virus includes technology ideas from the Chernobyl
a.k.a.Win95.CIH virus with it€s resident capabilities under Windows
95, I-Worm.Happy being able to patch the wsock32.dll file for
spreading as an e-mail attachment, and WinHLP.Demo to infect Windows
Help files.€
More information about Babylonia can be read at http://www.avp.com
[This message has been edited by bobo (edited December 14, 1999).]