Security Information  Week 49, 1999

As this year (and the millennium) approaches its end, the time has come to look back on what we have experienced in 1999 with respect to computer viruses and other malicious programs.

It may be safe to say that during this year the computerized world has been exposed to malicious programs which used previously unknown techniques, as well as programs which spread at a rate that was previously extremely rare.

Let us sum up the most notable incidents:

  • W97M/Melissa: This macro virus surfaced just before the Easter holiday and spread by using a mass-mailing technique which required Microsoft's Outlook as the e-mail client. Melissa caused trouble mainly by overloading several e-mail servers.
  • W95/CIH: This was the first virus in the wild with a destructive payload which might destroy hardware. Under certain circumstances the CIH virus was able to destroy the Flash BIOS in a PC by overwriting it. Even though this virus was known several months before the payload of the most destructive variant triggered on 26 April, several PCs were hit. According to the reports, some countries in Asia were hit most severely.
  • W32/ExploreZip: This worm was reported in the wild at the beginning of June. Like the Melissa virus, it uses the technique of mass mailing itself to addresses in Outlook's address book (those who have unanswered mails). In addition, it has a destructive payload: it overwrites files with several extensions with zero bytes. Another variant of ExploreZip, the so-called MiniZip, appeared at the end of November. It is like the original one except that it has been compressed by a popular compression program.
  • VBS/Bubble: This worm, also called BubbleBoy, is the first malicious program known to be able to spread through e-mail without the recipient having to open the e-mail's attachment to be infected. VBS/Bubble utilizes a security hole in Internet Explorer version 5. Similar to some of the above-mentioned programs, VBS/Bubble uses Microsoft's newer e-mail clients to mail itself to users in the address book. The technique used in VBS/Bubble may also be used to infect a user while visiting a malicious web page.
  • W95/Babylonia: This virus/worm, reported in the wild at the beginning of December, propagates as an EXE file and is also, as the first virus reported in the wild, able to propagate as an HLP file. It infects both of these file types. Another new feature of this virus is that it is able to install plug-ins to itself by connecting to a web site and downloading and executing program parts. It further attaches itself to every outgoing e-mail.

As seen from the examples above, there are several techniques in use, some of which have not been known (except perhaps in theory) until this year.

We may expect new viruses using variations of these techniques to appear regularly in the months to come.

The need to have updated virus detection files cannot be stressed too strongly!

Per Olav Førland