By Andy Patrizio
PC users used to worry about some viruses wiping out their hard disks. Now, they can fret about other viruses sending their most important data files to points unknown on the Internet without them ever knowing it.
The Caligula virus is the latest of the increasingly complex information-stealing viruses that have popped up in recent months and send personal data to a specific location on the Internet.
Caligula steals a user's Pretty Good Privacy (PGP) key ring and sends it to the FTP site of the hackers who created the virus. Because the PGP key ring is encrypted and is practically impossible to break, the user's PGP key isn't at risk, but the theft illustrates how one's personal files can be stolen off the computer.
Caligula infects Microsoft Word documents, then checks to see if PGP is installed on the machine. If it is, the user's private key ring -- the encryption algorithm for securing encrypted data -- is sent to the FTP site of The CodeBreakers, a site for virus writers.
At the end of every month, Caligula displays a message box that reads, "WM97/Caligula (c)Opic [CodeBreakers 1998] No cia, No nsa, No satellite, Could map our veins."
Despite concerns that PGP security could be compromised, the key-ring file is useless without the passcode, according to a spokeswoman for Network Associates, which purchased PGP from its developer, Philip Zimmermann, in 1997.
Stealing the PGP key ring was just CodeBreakers' way of showing it could be done. "It could easily have been your resume file," she said.
The Caligula virus is one of several increasingly complex viruses. For years, the idea behind viruses was to keep them as small as possible to avoid detection. This meant they had minimal functionality, often just printing a text message and deleting files or the whole hard disk.
"It used to be [a virus was] written in assembler and made as tiny as it could be," said Roger Thompson, technical director of the anti-virus arena with ICSA, a security consulting firm. With Windows 95 dramatically increasing disk space and the number of files, it's easier to hide bigger viruses, often in plain sight, said Thompson.
But Caligula -- along with Remote Explorer and Picture.exe -- is part of a new breed, performing far more complex tasks. Picture.exe surfaced last month, infecting the computers of America Online users. It would steal their logins and password information and mail it to a location in China.
Information theft is a price for the advent of the Internet, said Thompson. "It's something of an anomaly that security and functionality exist in an inverse relationship," he said. "The more functionality you get, the greater the risk. The Internet is opening everything up to increased risk."
Thompson said he was also greatly bothered that a group like CodeBreakers is so open, complete with its own website and domain.
"At the moment they do it with impunity and are protected by the First Amendment while dramatically contributing to the problem," he said. "If they were slapped by the law, it might give them an incentive to stop."