WinScript.Rabbit - 10 Strings Going To Shake The World!
03 Nov 1998
New computer virus is written in Windows command language! Will it be the
real nightmare for users of the Internet?
The last week of October 1998 brought a real surprise in the computer world.
Kaspersky Lab Int. experts detected a computer virus using new methods of contamination
and infecting Windows scripts (programs written in Windows command language).
When started this virus looks for other files (scripts) on the disk and substitutes
them with its copy. But the most dangerous feature of this virus is that it
is capable to transmit itself via the Internet � the most advanced browsers
execute infected scripts on a local computer even when they are located on the
remote Web server.
The concept of this type of virus was earlier implemented in several viruses
for UNIX. In the late 80ties viruses that were written in the command language
of UNIX clones became a real curse for global computer networks. The most famous
members of this family were network worms called Christmas Tree, HI.COM and
Wank Worm. This new Windows script-virus may well become the patriarch of the
new family of network worms.
The detected virus is the first known virus infecting Windows scripts. Its
structure is very simple and contains about 10 commands. This virus might well
be just the first attempt to write a virus of this kind of one of the virus-writers
participating in vary famous hacker club of CodeBreakers. There are a set of
inaccuracies that immediately unmask this virus once it appears within a system:
when started from the remote Web server this virus infects all the files in
the browser cache and copies them onto the computer Desktop � the browser working
directory. At that the computer Desktop turns out to be filled with icons of
infected scripts � the virus reproduces itself as a rabbit, that is why it was
Despite of all these inaccuracies and the simplicity of the code this virus
is a potential threat for users of the Internet. Its mechanism of self-distribution
is based on the powerful features of contemporary global networks. This virus
might well be taken as a model for the new viruses that will adopt the same
method of self-distribution.
We expect many more new viruses of this type infecting not only scripts but
also other elements of Windows OS and also Web servers. This virus is capable
of working under all versions of Windows32 (Windows95/98/NT) where Microsoft
Scripting Host can be found. Script-support is a standard feature of Windows98
and NT 5.0. Other versions of Windows and Windows NT may obtain this feature
For the purpose of self-protection we strongly recommend all users Windows
95/98/NT to install the browser add-in from Kaspersky Lab. AntiViral Toolkit
Pro (AVP) for browsers will protect you from all the ever-detected script viruses.
This protection is included in the last AVP update.
In the nearest future Kaspersky Lab plans to release AVP Inspector for Web
Server � special version of our reliable antivirus program that will monitor
all the changes within Web sever pages.