Virus Alert:

A new virus is clogging Internet mail servers and hogging bandwidth around the world. Though it’s not one virus, written by one person, I believe it needs a name: ‘beaver.A’ as we’ll call it, takes on many forms and pervades mail servers around the world.

Virus Type:

Trojan horse spam robot

Threat Level:

High

Behavior:

This virus is installed in SMTP mail servers throughout the world, and takes a wide range of forms. For most server-based virus scanners, the behavior is this: When the mail server receives any known e-mail virus from anyone on the Internet, it sends a warning message to the perceived sender of the infected message. The perceived sender is often not the actual sender— many viruses pick random e-mail addresses from the victim’s web cache and address book, masquerading as them. This is where ‘beaver.B’ does its damage: It sends a “you have a virus” warning message to the “originator” of the message, a third party who may not in fact have any virus. The warning message instills fear and prompts the recipient, perhaps, to buy an anti-virus package from the same company that sent the false warning.

At the peak of any e-mail virus outbreak, when Internet resources are already strained, the varied warning messages produced by ‘beaver.A’ clog servers, hog Internet bandwidth, and fill random e-mail boxes with lies and advertisements, as spammers do.

How it spreads:

This virus is a Trojan horse, but it doesn’t spread in the traditional fashion (via the network, or hidden inside data files), and that’s what makes it so insidious. It hides in the shrink-wrapped products of legitimate virus prevention software vendors. With each sale and installation of mail server virus protection software, it spreads further. Mail server administrators who install virus scanning products to protect their own users from e-mail viruses, are often oblivious to the nuisance they’re unleashing on everyone else.

Prevention:

People receiving these warning messages may contact the server administrator of the system that sent the warning. Server administrators may refer to the user’s guide of the SMTP server virus-scanning product they’ve purchased. Companies producing these products may, in future releases, eliminate ‘beaver.A’ from their product by supressing the warning messages by default, especially when receiving viruses with unknown origins.

Carl Tashian / www.tashian.com