Security Information Week 8, 1999
Several viruses have recently been created which utilize Internet protocols and applications in their behaviour.
One such family is the W97M/Caligula viruses, which attack the version of Microsoft Word included in Office 97 (Word version 8) and infect documents and the global template.
These viruses perform two completely different actions - one quite harmless and one potentially severe in certain circumstances:
- On the 31st of each month, it displays a message box with this text:
WM97/Caligula (c) Optic [CodeBreakers 1998] No cia, No nsa, No satellite, Could map our veins
- If the encryption program Pretty Good Privacy (PGP) is installed on an infected computer, the virus locates the user's private key (SECRING.SKR) and uses the File Transfer Protocol (FTP) to send this file to a computer in the virus author's domain. When the file has been transferred successfully, information is written to the Windows Registry and no further attempts are made to upload the file. If the user has chosen a passphrase for his/her private key that is easy to break, the virus author could decrypt PGP-encrypted files sent to the user.
Normally this would not be a high-risk situation because the virus author would have to get the encrypted file in order to use the stolen private key to decrypt it.
We predict that in the future we will see more viruses that use the Internet to transfer information about a user, and the information on his/her computer, to the virus author or others.
Updated versions of Norman Virus Control detect and remove the W97M/Caligula viruses.
Per Olav Førland
