No Smoke Without Fire

27 Feb 2001
Virus News

Even virus hoaxes may have a hidden truth

You have probably already received (maybe not even for the first time) a warning from friends and colleagues about the discovery of a new, extremely dangerous computer virus that spreads in e-mail messages with the subject "Virtual Card for You" and a virtual business card (vCard) attached. After the infected card is executed, the virus, unbeknownst to the user, penetrates the computer, sends copies of itself to all the recipients found in the address book and then destroys the data on the available hard disks. The warning also says that, according to news broadcast by CNN, the virus has already caused panic in New York in just a few hours and continues to spread all around the world. Of course, all anti-virus programs are useless against the virus, and anti-virus companies are unable to find an effective antidote.

Needless to say, this "warning" is just another virus hoax that has nothing in common with reality and deserves to be moved directly to the Recycle Bin on your desktop. Although the story dates from late 1999, when the first reports of this hoax spreading were detected, we are now experiencing another wave that is causing trouble for both computer users and anti-virus vendors. In recent days Kaspersky Lab has received several dozen requests from users to clarify the issue of the new dangerous vCard virus.

To avoid falling for a virus hoax and to help stop the spread of virus hysteria, we recommend that you read the Self-Guide on how to detect a virus hoax yourself.

Today, virtual business cards have become very popular, as they are now the de facto standard for exchanging contact information between business partners and private users. This technology allows users to enter contact details into personal address books quickly and easily: one just needs to click on the card and its content is transferred into the database.

Until now, virtual business cards have been considered absolutely harmless: executing one, even if it was received from an unknown source, could not cause any damage to computer data. The story of infected vCards spreading via e-mail, as described in the hoax, would obviously remain a bad joke were it not for the recently discovered vulnerability in Outlook and Outlook Express. This vulnerability causes a buffer overflow when a component of the e-mail program processes a virtual card containing more data than is permitted. As a result, the vCard data may get into restricted system memory zones and be executed. At best, this causes the e-mail program to stop functioning until it is restarted. At worst, malicious persons can exploit the vulnerability to run unauthorized malicious code.
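The class of bug described above comes down to a missing length check before card data is copied into a fixed-size buffer. The C sketch below is an added illustration, not code from Kaspersky Lab, Microsoft or the affected component; `FIELD_MAX`, `struct contact`, the function names, the simplified `NAME:value` line format and both sample cards are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define FIELD_MAX 32  /* assumed field size; the real limit is not given on the page */
enum { VC_OK = 0, VC_TOO_LONG = -1 };
struct contact { char fn[FIELD_MAX]; char email[FIELD_MAX]; };

/* Constructed sample cards: one ordinary, one whose FN value is 40 bytes. */
static const char CARD_OK[]  = "BEGIN:VCARD\r\nFN:Alice Example\r\nEMAIL:alice@example.com\r\nEND:VCARD\r\n";
static const char CARD_BIG[] = "BEGIN:VCARD\r\nFN:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\r\nEND:VCARD\r\n";

/* Bounded copy of one value; copying the sender's length unchecked is the overflow. */
static int copy_value(char *dst, size_t dst_size, const char *val, size_t len)
{
    if (len >= dst_size)              /* keep one byte for the terminator */
        return VC_TOO_LONG;
    memcpy(dst, val, len);
    dst[len] = '\0';
    return VC_OK;
}

/* Parse simplified "NAME:value" lines; reject the card on any oversized value. */
static int parse_vcard(const char *card, struct contact *out)
{
    memset(out, 0, sizeof *out);
    for (const char *line = card; *line != '\0'; ) {
        size_t line_len = strcspn(line, "\r\n");
        const char *colon = memchr(line, ':', line_len);
        int rc = VC_OK;
        if (colon != NULL) {
            size_t name_len = (size_t)(colon - line);
            size_t val_len = line_len - name_len - 1;
            if (name_len == 2 && memcmp(line, "FN", 2) == 0)
                rc = copy_value(out->fn, sizeof out->fn, colon + 1, val_len);
            else if (name_len == 5 && memcmp(line, "EMAIL", 5) == 0)
                rc = copy_value(out->email, sizeof out->email, colon + 1, val_len);
        }
        if (rc != VC_OK)
            return rc;                /* refuse the card instead of truncating */
        line += line_len + strspn(line + line_len, "\r\n");
    }
    return VC_OK;
}

int main(void)
{
    struct contact c;
    printf("%d %d\n", parse_vcard(CARD_OK, &c), parse_vcard(CARD_BIG, &c));
    return 0;
}
```

Rejecting the whole card, rather than silently truncating the value, keeps a malformed attachment from being partially imported into the address book.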

Fortunately, Kaspersky Lab has so far discovered no viruses that use this particular security breach. However, the possibility of their appearance is rather high, so we recommend that users install the corresponding patch for Outlook and Outlook Express, which is available for download from the Microsoft Web site. This will close the breach and guarantee you 100% protection against attacks of this kind.

"This story confirms the relevance of the well-known proverb that serves us as a title for this article. The 'smoke' it mentions is that there is no absolutely secure computing environment - it is extremely important to be cautious when running arbitrary files regardless of their format, and to install patches for the operating systems and software you use in a timely manner," said Denis Zenkin, Head of Corporate Communications for Kaspersky Lab.